8 matches found
Vulnerability fixed in CrowdStrike Falcon sensor
CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...
CVE-2025-1146
CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...
CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue
CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...
CrowdStrike Falcon 安全漏洞
CrowdStrike Falcon is an endpoint, cloud and identity protection product from CrowdStrike, Inc. in the United States. A security vulnerability exists in CrowdStrike Falcon that stems from an error in the TLS connection routine validation logic, which can lead to a man-in-the-middle attack. The...
GHSA-JWV5-8MQV-G387 Cross-site scripting on application summary component
Summary Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. Impact All unpatched versions of Argo CD starting with v1.0.0 are...
Cross site scripting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
CVE-2024-28175
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
CVE-2024-28175
CVE-2024-28175 – Argo CD XSS vulnerability. Due to improper URL protocol filtering in the application summary component’s link annotations (link.argocd.argoproj.io), an attacker can inject a javascript: link and trigger cross-site scripting with elevated permissions when a victim clicks it. The i...