4 matches found
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
Server-Side Request Forgery in gogs webhook
Impact: The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected. Patches: Webhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network...
SSRF in repository migration
Impact: The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches: Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...
SSRF in repository migration
Impact: The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches: Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...