5 matches found
CVE-2025-9276 Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw...
CVE-2025-9276 Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-request-cert container image. The specific flaw...
Cockroach Labs cockroach-k8s-request-cert 安全漏洞
Cockroach Labs cockroach-k8s-request-cert is a container image from Cockroach Labs, Inc. A security vulnerability exists in Cockroach Labs cockroach-k8s-request-cert, which stems from an empty root password setting and could lead to authentication bypass...
PT-2025-34183
Name of the Vulnerable Software and Affected Versions: Cockroach Labs cockroach-k8s-request-cert affected versions not specified Description: The cockroach-k8s-request-cert component is susceptible to an authentication bypass due to an empty root password. This allows unauthorized access...
GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification
Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...