25 matches found
MAL-2025-46941 Malicious code in proto-trust-metadata-api (RubyGems)
Source: ossf-package-analysis b87774d0bcfbcd33d81c38f3c6d26c986559b07bc1e15717164022afe4de346c The OpenSSF Package Analysis project identified 'proto-trust-metadata-api' @ 99.99.99 rubygems as malicious. It is considered malicious because:...
Malicious code in proto-registry-metadata-api (RubyGems)
Source: ossf-package-analysis f1f7ab6f94cef6b0a1e53365370e91527c5c546ab409345d8a77877f5927f677 The OpenSSF Package Analysis project identified 'proto-registry-metadata-api' @ 1.11.3.87.g981ef7d3d rubygems as malicious. It is considered...
MAL-2025-46920 Malicious code in proto-registry-metadata-api (RubyGems)
Source: ossf-package-analysis f1f7ab6f94cef6b0a1e53365370e91527c5c546ab409345d8a77877f5927f677 The OpenSSF Package Analysis project identified 'proto-registry-metadata-api' @ 1.11.3.87.g981ef7d3d rubygems as malicious. It is considered...
SUSE CVE-2025-47871
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...
CVE-2025-47871 Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive informatio...
PT-2025-27458 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.5 Mattermost versions 9.11.x through 9.11.15 Mattermost versions 10.8.x through 10.8.0 Mattermost versions 10.7.x through 10.7.2 Mattermost versions 10.6.x through 10.6.5 Description: The issue is relat...
Linux Distros Unpatched Vulnerability : CVE-2022-23451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or...
Redshift ODBC Driver security vulnerability
Redshift ODBC Driver is an Amazon ODBC driver open-sourced by Amazon Web Services. A security vulnerability exists in Redshift ODBC Driver version 2.1.5.0, stemming from an SQL injection flaw that could allow a user to gain escalated privileges via the SQLTables or SQLColumns...
Harbor fails to validate the user permissions when updating project configurations
Impact Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call: - PUT /projects/projectnameorid/metadatas/metaname - POST /projects/projectnameorid/metadatas/metaname - DELETE /projects/projectnameorid/metadatas/metaname By sendin...
CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to (1) open a shell pod in the Rancher local cluster and (2) have limited kubectl access to it. The expected behavior is that a user does not have such access in the...
Authorization
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...
CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...
CVE-2022-23451
CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...
Malicious code in metadata-api-nodejs (npm)
Source: ghsa-malware ea84c6a9316d39ddaee318d62563bf1137cb78cce3403ef4d78100a9e5770ecf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4568 Malicious code in metadata-api-nodejs (npm)
Source: ghsa-malware ea84c6a9316d39ddaee318d62563bf1137cb78cce3403ef4d78100a9e5770ecf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu 18.04 LTS / 20.04 LTS : Barbican vulnerabilities (USN-5387-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5387-1 advisory. Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue t...
GitLab: GitLab's GitHub integration is vulnerable to SSRF vulnerability
The GitHub service is vulnerable to a SSRF vulnerability. An attacker may be able to leverage this to make arbitrary POST requests in a GitLab instance's internal network. It can also be used to connect to cloud provider's instance metadata API, which may result in the ability to execute commands...
██████: Remote Code Execution on Proxy Service (as root)
The proxy service used to provide researchers with access to certain programs on ██████ allows access to AWS's Metadata API. This Metadata API in turn is configured to expose temporary AWS access credentials for the AWS EC2 Run Command role. When this role is assumed by an AWS client e.g. the CLI...
Fedora 17 : openstack-nova-2012.1-2.fc17 (2012-6273)
Sync up with Essex stable branch - Support more flexible guest image file injection - Enforce quota on security group rules CVE-2012-2101 - Provide startup scripts for the Essex VNC services - Provide a startup script for the separated metadata api service update to essex release Note that...