3 matches found
GHSA-6XVF-4VH9-MW47 Minder does not sandbox http.send in Rego programs
Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...
Minder does not sandbox http.send in Rego programs
Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...
Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...