Lucene search
K

8 matches found

NCSC
NCSC
added 2025/02/13 8:22 a.m.8 views

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

8.1CVSS6.7AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2025/02/12 7:15 p.m.27 views

CVE-2025-1146

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 6:27 p.m.15 views

CVE-2025-1146 CrowdStrike Falcon Sensor for Linux TLS Issue

CrowdStrike uses industry-standard TLS transport layer security to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where o...

8.1CVSS0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.3 views

CrowdStrike Falcon 安全漏洞

CrowdStrike Falcon is an endpoint, cloud and identity protection product from CrowdStrike, Inc. in the United States. A security vulnerability exists in CrowdStrike Falcon that stems from an error in the TLS connection routine validation logic, which can lead to a man-in-the-middle attack. The...

8.1CVSS6.5AI score0.00269EPSS
Exploits0References1
OSV
OSV
added 2024/03/15 7:46 p.m.21 views

GHSA-JWV5-8MQV-G387 Cross-site scripting on application summary component

Summary Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. Impact All unpatched versions of Argo CD starting with v1.0.0 are...

9CVSS6.9AI score0.00654EPSS
Exploits0References4
Prion
Prion
added 2024/03/13 9:16 p.m.22 views

Cross site scripting

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

6CVSS6.1AI score0.00654EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 9:16 p.m.33 views

CVE-2024-28175

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...

9CVSS8.5AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 8:48 p.m.358 views

CVE-2024-28175

CVE-2024-28175 – Argo CD XSS vulnerability. Due to improper URL protocol filtering in the application summary component’s link annotations (link.argocd.argoproj.io), an attacker can inject a javascript: link and trigger cross-site scripting with elevated permissions when a victim clicks it. The i...

9CVSS8.4AI score0.00654EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder