25 matches found

Cvelist
added 2026/05/04 4:48 p.m. · 25 views

CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names

Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...

CVSS 9.9 · EPSS 0.00115
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/04 12:00 a.m. · 3 views

PT-2026-37193

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 4.0.0 through 4.0.4 Description The workflow executor logs artifact repository credentials in plaintext during artifact operations. This occurs because the logging driver passes the entire ArtifactDriver struct to the...

CVSS 8.5 · AI score 5.8 · EPSS 0.00042
Exploits: 1 · References: 13
RedhatCVE
added 2026/04/13 7:37 p.m. · 3 views

CVE-2026-33551

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

CVSS 3.5 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 6
EUVD
added 2026/04/06 4:12 p.m. · 2 views

EUVD-2026-19360

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

CVSS 10 · AI score 5.9 · EPSS 0.00174
Exploits: 1 · References: 3
OSV
added 2026/04/02 8:44 p.m. · 1 view

GHSA-P5RH-VMHP-GVCW Dgraph: Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

CVSS 10 · AI score 6 · EPSS 0.00174
Exploits: 1 · References: 5
OSV
added 2026/03/27 7:07 a.m. · 1 view

BIT-MINIO-2026-33322 MinIO: JWT Algorithm Confusion in OIDC Authentication

MinIO is a high-performance object storage system. From 2022.11.08 to before 2026.03.17, a JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy...

CVSS 9.8 · AI score 5.9 · EPSS 0.00034
Exploits: 0 · References: 2
CVE
added 2026/03/24 7:05 p.m. · 6 views

CVE-2026-33322

CVE-2026-33322 (MinIO) is a JWT algorithm confusion vulnerability in MinIO’s OpenID Connect authentication. From RELEASE.2022-11-08T05-27-07Z up to but not including RELEASE.2026-03-17T21-25-16Z, an attacker who knows the OIDC ClientSecret can forge arbitrary identity tokens and obtain S3 credent...

CVSS 9.8 · AI score 5.8 · EPSS 0.00034
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2026/03/24 12:00 a.m. · 2 views

MinIO Authorization Issue Vulnerability

MinIO is an open-source object storage server developed by the American company MinIO. This product supports the creation of infrastructures for machine learning, analysis, and application data workloads. Versions of MinIO prior to RELEASE.2022-11-08T05-27-07Z to RELEASE.2026-03-17T21-25-16Z...

CVSS 9.8 · AI score 6.5 · EPSS 0.00034
Exploits: 0 · References: 1
Github Security Blog
added 2026/03/19 5:56 p.m. · 6 views

MinIO has JWT Algorithm Confusion in OIDC Authentication

Impact What kind of vulnerability is it? Who is impacted? A JWT algorithm confusion vulnerability in MinIO's OpenID Connect authentication allows an attacker who knows the OIDC ClientSecret to forge arbitrary identity tokens and obtain S3 credentials with any policy, including consoleAdmin. An...

CVSS 9.8 · AI score 5.8 · EPSS 0.00034
Exploits: 0 · References: 3 · Affected Software: 1
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-44028

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 7.6 · EPSS 0.00041
Exploits: 0 · References: 3
OSV
added 2024/08/21 2:30 p.m. · 5 views

GO-2023-2398 lakeFS logs S3 credentials in plain text in github.com/treeverse/lakefs

lakeFS logs S3 credentials in plain text in github.com/treeverse/lakefs...

AI score 7.1
Exploits: 0 · References: 1
OSV
added 2023/12/12 12:58 a.m. · 14 views

GHSA-4RGC-5G6R-2RJF lakeFS logs S3 credentials in plain text

Impact S3 credentials are logged in plain text S3Creds:Key:AKIAIOSFODNN7EXAMPLE Secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY appears as part of the log message: time="2023-05-12T13:51:52Z" level=error msg="failed to perform diff" func="pkg/plugins/diff.Service.RunDiff"...

CVSS 8.4 · AI score 7.2
Exploits: 0 · References: 2
Github Security Blog
added 2023/12/12 12:58 a.m. · 25 views

lakeFS logs S3 credentials in plain text

Impact S3 credentials are logged in plain text S3Creds:Key:AKIAIOSFODNN7EXAMPLE Secret:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY appears as part of the log message: time="2023-05-12T13:51:52Z" level=error msg="failed to perform diff" func="pkg/plugins/diff.Service.RunDiff"...

AI score 7.2
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2023/10/04 12:15 p.m. · 10 views

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 7.7 · AI score 7.6 · EPSS 0.00041
Exploits: 0 · References: 3
ATTACKERKB
added 2023/10/04 12:15 p.m. · 1 view

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 7.7 · AI score 5.7 · EPSS 0.00041
Exploits: 0 · References: 4
Prion
added 2023/10/04 12:15 p.m. · 13 views

Design/Logic Flaw

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 5 · AI score 7.5 · EPSS 0.00041
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/10/04 11:34 a.m. · 12 views

CVE-2023-3361 S3 credentials included when exporting elyra notebook

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 7.7 · AI score 7.8 · EPSS 0.00041
Exploits: 0 · References: 3
Vulnrichment
added 2023/10/04 11:34 a.m. · 9 views

CVE-2023-3361 S3 credentials included when exporting elyra notebook

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 7.7 · AI score 7.1 · EPSS 0.00041
Exploits: 0 · References: 3
Positive Technologies
added 2023/07/11 12:00 a.m. · 2 views

PT-2023-24404 · Red Hat · Red Hat Openshift Data Science

Name of the Vulnerable Software and Affected Versions: Red Hat OpenShift Data Science affected versions not specified Description: A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials...

CVSS 7.7 · AI score 7.4 · EPSS 0.00041
Exploits: 0 · References: 10
RedhatCVE
added 2023/06/22 1:16 a.m. · 22 views

CVE-2023-3361

A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster ds pipeline server and saves them in plain text in the generated output instead of an ID for a Kubernetes secret...

CVSS 7.5 · AI score 6.8 · EPSS 0.00041
Exploits: 0 · References: 4