10 matches found
CVE-2022-31145
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
EUVD-2023-33708
Malicious code in bioql PyPI...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +37113 more potentially affected by CVE-2024-38820 via org.springframework:spring-web (>=1.2.1 <=5.3.4)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-38820 Source advisory: OSV:GHSA-4GC7-5J7H-4QPH...
cn.com.tltim.pigx:pigx-common-security (=5.0.0-20240820), cn.com.tltim.pigx:pigx-common-websocket (=5.0.0-20240820) +46 more potentially affected by CVE-2024-22258 via org.springframework.security:spring-security-oauth2-authorization-server (>=0.2.0 <=1.1.5)
org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =0.2.0, =0.0.1-alpha.1, =3.1.5.2, =2.7.7.3, =2.7.7.4, =2.7.0.0, =2.7.0.0, =2.7.1.2, =2.7.0.0, =3.0.6.4, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 - com.github.paganini2008.doodler:doodler-common-oauth =1.0.0-bet...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +36758 more potentially affected by CVE-2024-22259 via org.springframework:spring-web (>=1.2.1 <=5.3.32)
org.springframework:spring-web MAVEN version =1.2.1, =1.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2024-22259 Source advisory: OSV:GHSA-HGJH-9RJ2-G67J...
FlyteAdmin Insufficient AccessToken Expiration Check
Impact Authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Using flyteadmin as the OAuth2 Authorization Server is unaffected by this issue. Patches 1.1.30 Workarounds Rotating signing keys immediately will: Invalidate all...
CVE-2022-31145
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
Authorization
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
CVE-2022-31145 Insufficient AccessToken Expiration Check in FlyteAdmin
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users who use FlyteAdmin...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +1533 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.5.0 <=5.5.6)
org.springframework.security:spring-security-core MAVEN version =5.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.13.0, =1.13.0, =2.2.0 - be.jidoka:jdk-keycloak-admin =1.2.0 and more Source cves: CVE-2022-22978 Source advisory:...