31 matches found
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...
CVE-2025-32355
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...
Rocket TRUfusion Enterprise 安全漏洞
Rocket TRUfusion Enterprise is a product lifecycle management platform developed by the American company Rocket. Versions of Rocket TRUfusion Enterprise 7.10.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper reverse proxy configuration, which allows absolu...
SUSE CVE-2025-11393
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
GHSA-CC8C-28GJ-PX38 Misconfigured Internal Proxy in runtimes-inventory-rhel8-operator Grants Standard Users Full Cluster Administrator Access
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
CVE-2025-11393
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
CVE-2025-11393
The CVE-2025-11393 entry concerns a misconfigured internal proxy in runtimes-inventory-rhel8-operator. The root cause is an internal proxy component that attaches the cluster’s main administrative credentials to any command, enabling a standard user to issue unauthorized commands with full cluste...
CVE-2025-11393
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
EUVD-2025-203395
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
CVE-2025-11393 Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
CVE-2025-11393 Insights-runtimes-tech-preview/runtimes-inventory-rhel8-operator: improper proxy configuration allows unauthorized administrative commands
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
CVE-2025-11393
A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...
PT-2025-51254
Name of the Vulnerable Software and Affected Versions runtimes-inventory-rhel8-operator affected versions not specified Description A configuration issue exists in an internal proxy component of runtimes-inventory-rhel8-operator. The proxy incorrectly attaches the cluster’s administrative...
Red Hat build of Keycloak 代码问题漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat USA. A code issue vulnerability exists in the Red Hat build of Keycloak, which stems from a proxy misconfiguration that could result in accessing the /admin path via a non-normalized path...
EUVD-2024-33766
Malicious code in bioql PyPI...
EUVD-2022-41744
Malicious code in bioql PyPI...
CVE-2020-5207
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' through the proxy server configuration. An attacker can...
CVE-2022-39205
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...
CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...