17 matches found
EUVD-2023-2699
Malicious code in bioql PyPI...
CVE-2025-58069
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-58069
The CVE pertains to AutomationDirect CLICK PLUS firmware 3.60, where a hard-coded AES key is used to protect the initial messages of a new KOPS session. Root cause: hard-coded cryptographic key stored in the firmware. Impact: potential exposure of the cryptographic key and associated initial comm...
GO-2023-2125 kOps privilege escalation vulnerability in k8s.io/kops
kOps privilege escalation vulnerability in k8s.io/kops...
Privilege Escalation
kOps is vulnerable to Privilege Escalation. The vulnerability is caused when running kOps with the GCP Provider in Gossip Mode, where Node service account credentials could be used by a container running in the cluster to retrieve sensitive information from the state storage bucket and escalate t...
GHSA-8GWJ-M6VH-2G6J kOps privilege escalation vulnerability
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
kOps privilege escalation vulnerability
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
CVE-2023-1943
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
CVE-2023-1943
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
Privilege escalation
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
CVE-2023-1943 Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
CVE-2023-1943 Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode...
CVE-2023-1943
KOps Privilege Escalation (CVE-2023-1943): A vulnerability occurs when using the GCE/GCP provider in Gossip Mode, where node service account credentials could be accessed by a container in the cluster to retrieve sensitive information from the state storage bucket and escalate to cluster-admin pe...
CVE-2023-1943
A flaw was found in the Kubernetes kOps. Affected versions of Kubernetes kOps could allow a remote authenticated attacker to gain elevated privileges on the system caused by a vulnerability when using the GCE/GCP Provider in Gossip Mode. By sending a specially-crafted request, an authenticated...
Kubernetes: Privilege Escalation in kOps using GCE/GCP Provider
A privilege escalation vulnerability was discovered in kOps when using the GCE/GCP provider. An attacker with shell access to a pod could escalate their privileges to cluster admin by accessing the service account credentials and sensitive information stored in the state storage bucket. This...
Kubernetes: KOPS documentation references domains which were not registered
Summary: While researching the kubernetes documentation, I found that the KOPS project's Route53 configuration references dangling DNS servers. I was able to register 3 / 4 of these domain names. I was also able to verify that some companies have been using this configuration, making them...