10 matches found
CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...
GHSA-C92W-72C5-9X59 kube-state-metrics may expose secret content in metrics
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...
GHSA-2V6X-FRW8-7R7F Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references. Original Description A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
Design/Logic Flaw
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
Kube-state-metrics before v1.7.2 exposes secret contents via metrics due to an experimental feature in v1.7.0/1.7.1 that combined with kubectl behavior can place secret data into metric labels. The issue was reverted and fixed in v1.7.2; users running 1.7.0/1.7.1 should upgrade to 1.7.2 as soon a...
WordPress Core 5.2.3 - Viewing UnauthenticatedPasswordPrivate Posts
WordPress Core 5.2.3 - Viewing UnauthenticatedPasswordPrivate Posts So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...