Authorization

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...

CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...

CVE-2023-22736

A flaw was found in Red Hat GitOps, which is vulnerable to an authorization bypass in ArgoCD. This flaw allows users to deploy applications outside the allowed namespaces. The issue happens due to a logic error when interpreting the comma-separated namespaces list. To complete the attack, the...

PT-2023-1338

Name of the Vulnerable Software and Affected Versions Argo CD versions 2.5.0-rc1 through 2.5.7 Argo CD version 2.6.0-rc4 Description The issue is related to an authorization bypass bug in Argo CD, a declarative, GitOps continuous delivery tool for Kubernetes. This bug allows a malicious Argo CD...

Enhancing Kubernetes security with user namespaces

Learn how to improve cluster security with user namespaces, a new feature introduced in Kubernetes v1.25...

Popeye - A Kubernetes Cluster Resource Sanitizer

Popeye - A Kubernetes Cluster Sanitizer Popeye is a utility that scans live Kubernetes cluster and reports potential issues with deployed resources and configurations. It sanitizes your cluster based on what's deployed and not what's sitting on disk. By scanning your cluster, it detects...

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Mitigation This flaw can be mitigated by...

Prototype Pollution

nodebb is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the Namespaces attribute in the index.js and modify attributes such as proto, constructor, and prototype...

Capsule Console 安全漏洞

Capsule Console is a web interface for Capsule8 from Capsule USA, Inc. for event management, sensor configuration, and system analysis. A security vulnerability exists in versions of Capsule prior to 0.1.3, which stems from the fact that an attacker can detach namespaces from tenants that are...

kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

A use-after-free vulnerability was found in the tcnewtfilter function in net/sched/clsapi.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation...

kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

A use-after-free vulnerability was found in the tcnewtfilter function in net/sched/clsapi.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation...

Linux Kernel Privilege Escalation Vulnerability

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...

VulnCheck KEV: CVE-2021-3493

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...

Input validation

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2428)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds. CVE-2021-33656 - In lgprobe and related...

Fedora: Security Advisory for firejail (FEDORA-2022-e8e9b50a33)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: firejail-0.9.70-1.fc36

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It includes a sandbox profile for Mozilla Firefox...

[SECURITY] Fedora 35 Update: firejail-0.9.70-1.fc35

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It includes a sandbox profile for Mozilla Firefox...

[SECURITY] Fedora 37 Update: firejail-0.9.70-1.fc37

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It includes a sandbox profile for Mozilla Firefox...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-2321)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When setting font with malicous data by ioctl cmd PIOFONT,kernel will write memory out of bounds. CVE-2021-33656 - In lgprobe and related...