Link Injection

Apache Airflow is vulnerable to Link Injection. The vulnerability is due to improper validation for urls in the provider list within the file views.py, which allows an authenticated attacker to inject a malicious link when installing a provider...

CVE-2021-21378 JWT authentication bypass with unknown issuer token

Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the allowmissing requirement under...

Envoy 授权问题漏洞

Envoy is an open source distributed proxy server. Envoy is vulnerable to an authorization issue, which could be exploited by an attacker to bypass authentication by providing a JWT token to an issuer that is not in the provider list...

Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers

Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...

PT-2019-8724 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.1 and earlier Description: A cross-site scripting issue exists in the configfiles.jelly and providerlist.jelly files, allowing users who can configure configuration files to insert arbitrary HTML...