6 matches found
goshs has a file-based ACL authorization bypass in goshs state-changing routes
Summary: goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can upload files with PUT, upload files with multipart POST /upload,...
CVE-2026-40189
CVE-2026-40189 affects goshs, a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces per-folder .goshs ACL/basic-auth for directory listings and file reads but does not enforce the same authorization checks for state-changing routes. An unauthenticated attacker can perform state-...
PT-2026-25861
Name of the Vulnerable Software and Affected Versions: Fullchain versions prior to 0.1.1. Description: Fullchain is a platform for deploying CTF (Capture The Flag) environments. A misconfigured NetworkPolicy allows a malicious actor to move laterally from a compromised application to any Pod in a...
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
Impact: Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch: Removing the inter-ns NetworkPolicy patches the...
kernel: out-of-bounds array access in __xfrm_policy_unlink
A flaw was found in the Linux kernel. When xfrm policy removal occurs, a system crash could occur. These policy changes generally occur through the ip command or a netlink socket...
Re: multiple payload handling flaws in isakmpd, again
There is one important thing I forgot to mention. In isakmpd deleting an IPsec SA also means deleting the appropriate IPsec policy in almost any case. Take a look at pfkeyv2deletespi in pfkeyv2.c. It calls pfkeyv2disablesa, the policy eraser ;-, if the SA was not acquired through the kernel: if...