92 matches found
PT-2024-23686 · Langchain Ai · Langchain
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain version 0.1.5. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component. The vulnerability arises because the Web Research Retriever does not restrict requests to remot...
Ladder v0.0.21 - Server-side request forgery Vulnerability
Exploit Title: Ladder v0.0.21 - Server-side request forgery (SSRF) Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...
Ladder Security Breach
Ladder is a web proxy that helps bypass paywalls. A security vulnerability exists in Ladder version v0.0.21, which stems from an inability to apply sufficient default restrictions to target addresses. An attacker exploiting the vulnerability could access private address ranges, local listening...
Ladder v0.0.21 - Server-side request forgery (SSRF)
Exploit Title: Ladder v0.0.21 - Server-side request forgery (SSRF) Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...
Ladder 0.0.21 Server-Side Request Forgery
Exploit Title: Ladder v0.0.21 Server-side request forgery (SSRF) Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to app...
USN-6519-2 ec2-hibinit-agent update
USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...
USN-6519-1 ec2-hibinit-agent update
The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...
USN-6493-1 hibagent update
On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured...
New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0
The Center for Internet Security (CIS) recently released version two of their AWS Benchmark. CIS AWS Benchmark 2.0.0 brings two new recommendations and eliminates one from the previous version. The update also includes some minor formatting changes to certain recommendation descriptions. In this...
SUSE CVE-2015-1426
Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...
AAD Pod Identity Security Vulnerability
Microsoft AAD Pod Identity is Microsoft's component for assigning Azure Active Directory identities to Kubernetes applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...
GHSA-XJMJ-P278-4JP5 OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
Information Exposure
Overview: facter is a library for collecting and displaying system facts. Affected versions of this package are vulnerable to Information Exposure that allows local users to obtain sensitive Amazon EC2 IAM instance metadata. Remediation: Upgrade facter to version 2.4.1 or higher. References - GitHub...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Binary data enumerateociwin.nbin...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Linux / Unix)
The remote host is an OCI (Oracle Cloud Infrastructure) instance for which metadata could be retrieved. TRUSTED...
Microsoft Azure Virtual Machine Information Disclosure Vulnerability (CVE-2021-27075)
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data. Written by Paul Litvak - 11 May 2021. In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in the extension mechanism affectin...
The vulnerability of Microsoft Azure Kubernetes operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of Microsoft Azure Kubernetes operating system-related to Windows is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially crafted IMDS request...
PT-2021-1676 · Microsoft · Azure Active Directory
Name of the Vulnerable Software and Affected Versions: Azure Active Directory (affected versions not specified). Description: The issue is related to an information disclosure vulnerability in the Azure Active Directory Pod Identity service. It may allow an attacker to gain unauthorized access to...
Vulnerability fixed in Microsoft Azure Active Directory Pod Identity
There is a vulnerability in Azure Active Directory (AAD) Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services (IMDS)...