15 matches found
CVE-2026-42602
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate to any...
GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API
Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...
Azure File Sync Agent v19 Release – September 2024
Azure File Sync Agent v19 Release – September 2024 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v19 release that is dated September 2024. Additionally, this article contains installation instructions for this release. Improvements and issues that...
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Overview Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only...
Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal...
Newly Discovered "By-Design" Flaw in Microsoft Azure Could Expose Storage Accounts to Hackers
A "by-design flaw" uncovered in Microsoft Azure could be exploited by attackers to gain access to storage accounts, move laterally in the environment, and even execute remote code. "It is possible to abuse and leverage Microsoft Storage Accounts by manipulating Azure Functions to steal...
Fedora: Security Advisory for freeipa (FEDORA-2022-4555909843)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Spring Cloud Azure 4.0 is Now Generally Available
NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4...
Microsoft Azure 'AutoWarp' Bug Could Have Let Attackers Access Customers' Accounts
Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the...
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identities tokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...
Disclosure of Vulnerability in Azure Automation Managed Identity Tokens
On December 10, 2021, Microsoft mitigated a vulnerability in the Azure Automation service. Azure Automation accounts that used Managed Identitiestokens for authorization and an Azure Sandbox for job runtime and execution were exposed. Microsoft has not detected evidence of misuse of tokens...
[SECURITY] Fedora 31 Update: freeipa-4.8.3-1.fc31
IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...
Extraneous SSH Public Keys added to Authorized Keys file on Linux VM
Extraneous SSH Public Keys added to Authorized Keys file on Linux VM Summary In addition to letting users provide their own SSH keypairs for authentication, the Microsoft Azure platform relies on SSH keypairs to enable some features that are added to the virtual machine VM at deployment time. We...
Fedora Update for freeipa FEDORA-2013-1445
Check for the Version of freeipa OpenVAS Vulnerability Test Fedora Update for freeipa FEDORA-2013-1445 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...