143 matches found

Cvelist · added 2023/07/12 9:08 a.m. · 32 views

CVE-2023-30429 Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...

CVSS 9.6 · AI score 9.7 · EPSS 0.00733
Exploits 0 · References 1
Vulnrichment · added 2023/07/12 9:08 a.m. · 13 views

CVE-2023-30429 Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...

CVSS 9.6 · AI score 9.5 · EPSS 0.00733
Exploits 0 · References 1
Positive Technologies · added 2023/07/12 12:00 a.m. · 7 views

PT-2023-22686 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.10.4; Apache Pulsar version 2.11.0. Description: The issue affects Apache Pulsar when a client connects to the Pulsar Function Worker via the Pulsar Proxy, which uses mTLS authentication. The Pulsar Function...

CVSS 9.6 · AI score 8.9 · EPSS 0.00733
Exploits 0 · References 7
Veracode · added 2023/07/02 10:51 a.m. · 30 views

Improper Certificate Validation

org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability exists in the authenticateClient function of X509ClientAuthenticator.java because it does not properly verify the client certificates when the application is configured to support mTLS authenticatio...

CVSS 7.1 · AI score 6.9 · EPSS 0.00522
Exploits 0 · References 10 · Affected software 2
Github Security Blog · added 2023/06/30 8:31 p.m. · 54 views

Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients

When a Keycloak server is configured to support mTLS authentication for OAuth/OpenID clients, it does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients...

CVSS 7.1 · AI score 7 · EPSS 0.00522
Exploits 0 · References 11 · Affected software 1
RedhatCVE · added 2023/06/26 6:48 p.m. · 70 views

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

CVSS 5.5 · AI score 7.5 · EPSS 0.00522
Exploits 0 · References 3
Cloud Foundry · added 2023/05/18 12:00 a.m. · 26 views

CVE-2023-20881: CAs for syslog-drain mtls feature can be overwritten | Cloud Foundry

Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Users on cf may override other users' syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and...

CVSS 8.1 · AI score 8 · EPSS 0.00362
Exploits 0
Veracode · added 2023/04/11 9:34 a.m. · 40 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to Privilege Escalation. Unauthenticated HTTP requests could bypass ACL authorizations when processed on servers through internal RPCs, allowing a job to be submitted to the cluster without mTLS enabled, which elevates user privileges...

CVSS 9.9 · AI score 8.9 · EPSS 0.00759
Exploits 0 · References 3 · Affected software 2
Github Security Blog · added 2023/04/05 9:30 p.m. · 23 views

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.9 · AI score 8.7 · EPSS 0.00759
Exploits 0 · References 3 · Affected software 1
NVD · added 2023/04/05 8:15 p.m. · 15 views

CVE-2023-1782

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.9 · AI score 9.3 · EPSS 0.00759
Exploits 0 · References 1
OSV · added 2023/04/05 8:15 p.m. · 9 views

CVE-2023-1782

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.8 · AI score 9.5
Exploits 0 · References 1
Prion · added 2023/04/05 8:15 p.m. · 10 views

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 7.5 · AI score 9.1 · EPSS 0.00759
Exploits 0 · References 1 · Affected software 1
UbuntuCve · added 2023/04/05 8:15 p.m. · 22 views

CVE-2023-1782

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.9 · AI score 7.2 · EPSS 0.00759
Exploits 0 · References 3
Cvelist · added 2023/04/05 7:10 p.m. · 17 views

CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.9 · AI score 9.5 · EPSS 0.00759
Exploits 0 · References 1
Vulnrichment · added 2023/04/05 7:10 p.m. · 8 views

CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...

CVSS 9.9 · AI score 9.3 · EPSS 0.00759
Exploits 0 · References 1
CVE · added 2023/04/05 7:10 p.m. · 72 views

CVE-2023-1782

CVE-2023-1782 affects HashiCorp Nomad and Nomad Enterprise versions 1.5.0 through 1.5.2, where unauthenticated users can bypass ACL authorizations in clusters that do not use mTLS. Root cause: ACL bypass due to missing authorization checks under non-mTLS configurations. Impact is described as total acces...

CVSS 9.9 · AI score 9.2 · EPSS 0.00759
Exploits 0 · References 1 · Affected software 1
Debian CVE · added 2023/04/05 7:10 p.m. · 24 views

CVE-2023-1782

Removed by vendor...

CVSS 9.9 · AI score 9.2 · EPSS 0.00759
Exploits 0
RedhatCVE · added 2023/04/05 12:13 p.m. · 37 views

CVE-2023-27493

A flaw was found in Envoy. Envoy doesn't escape HTTP header values due to a specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the...

CVSS 8.1 · AI score 8.7 · EPSS 0.00507
Exploits 1 · References 3
NVD · added 2023/02/03 7:15 p.m. · 25 views

CVE-2022-31733

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...

CVSS 9.1 · AI score 9.2 · EPSS 0.00378
Exploits 0 · References 1
Cvelist · added 2023/02/03 12:00 a.m. · 29 views

CVE-2022-31733

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...

AI score 9.3 · EPSS 0.00378
Exploits 0 · References 1