4 matches found

OSV
added 2022/10/31 5:9 p.m., 63 views

GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin

Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...

CVSS: 7.5, AI score: 6.1, EPSS: 0.0067
Exploits: 0, References: 3

Github Security Blog
added 2022/06/03 3:35 p.m., 25 views

Server-Side Request Forgery in gogs webhook

Impact: The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected. Patches: Webhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network...

CVSS: 8.3, EPSS: 0.01193
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2022/03/14 10:57 p.m., 13 views

SSRF in repository migration

Impact: The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches: Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...

AI score: 1
Exploits: 0, References: 3, Affected Software: 1

GitLab Advisory Database
added 2022/03/14 12:0 a.m., 14 views

SSRF in repository migration

Impact: The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected. Patches: Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to...

AI score: 1
Exploits: 0, References: 3, Affected Software: 1