Lucene search
+L

29 matches found

osv
osv
added 2026/07/01 6:43 p.m.17 views

GHSA-6C87-G9PW-78FX Contrast's Imagepuller registryFor uses unanchored suffix matching, leaking auth credentials and trusted CA configuration to sibling-domain registries

Summary Config.registryFor selected a per-registry credential / CA / mirror block by checking strings.HasSuffixname, fqdn after stripping a single trailing dot. The match has no boundary between the configured FQDN and any preceding characters in the request hostname. A registry configured as...

3.7CVSS5.8AI score
Exploits0References4
veracode
veracode
added 2026/05/16 5:36 a.m.11 views

Improper Certificate Validation

rancher is vulnerable to Improper Certificate Validation. The vulnerability is due to the Rancher CLI automatically retrieving and trusting CA certificates from Rancher’s cacerts setting when the -skip-verify flag is used without the --cacert flag, potentially allowing attackers to influence...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/04/06 5:17 p.m.18 views

CVE-2026-35036

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview editor fetches a page title through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...

7.5CVSS0.00327EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/02/26 10:35 p.m.8 views

CVE-2025-67601

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS5.3AI score0.00153EPSS
Exploits0References1
snyk
snyk
added 2026/02/25 3:25 p.m.1 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CLI login command when the -skip-verify flag is used without the --cacert flag. An attacker can intercept sensitive information or perform man-in-the-middle attacks by exploiting the lack of proper...

8.3CVSS5.9AI score0.00153EPSS
Exploits0References2
nvd
nvd
added 2026/02/25 11:16 a.m.9 views

CVE-2025-67601

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS0.00153EPSS
Exploits0References2
osv
osv
added 2026/02/25 10:36 a.m.11 views

CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/02/25 10:36 a.m.4 views

CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS5.3AI score0.00153EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/25 10:36 a.m.4 views

CVE-2025-67601

A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...

8.3CVSS5.3AI score0.00153EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2026/02/25 12:0 a.m.7 views

SUSE Rancher 信任管理问题漏洞

SUSE Rancher is a Kubernetes management platform developed by the German company SUSE. SUSE Rancher has a vulnerability related to trust management. This vulnerability arises from the use of self-signed CA certificates and the passing of the -skip-verify flag to the Rancher CLI login command...

8.3CVSS5.8AI score0.00153EPSS
Exploits0References2
snyk
snyk
added 2026/02/04 6:41 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
snyk
snyk
added 2026/02/04 6:41 p.m.7 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

9.3CVSS5.4AI score0.00234EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/02/02 12:0 a.m.15 views

PT-2026-5724

Name of the Vulnerable Software and Affected Versions OpenList versions prior to 4.1.10 Description The OpenList application disables TLS certificate verification by default for all outgoing storage driver communications, creating a risk of Man-in-the-Middle MitM attacks. This allows attackers to...

8.1CVSS5.3AI score0.00239EPSS
Exploits0References12
snyk
snyk
added 2025/12/08 4:43 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to inverted logic in the InsecureSkipVerify field when processing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. An attacker can intercept and read sensitive data by performing...

8.2CVSS6.7AI score0.00213EPSS
Exploits0References2
redhat
redhat
added 2024/05/22 9:48 a.m.3 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
redhat
redhat
added 2022/11/15 1:20 p.m.2 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
redhat
redhat
added 2022/03/23 10:12 p.m.3 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
redhat
redhat
added 2022/01/25 1:55 p.m.5 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
redhat
redhat
added 2022/01/24 1:53 p.m.6 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
redhat
redhat
added 2021/11/17 3:38 p.m.5 views

golang: crypto/tls: certificate of wrong type is causing TLS client to panic

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...

6.5CVSS7.1AI score0.06975EPSS
Exploits1References6
Rows per page
Query Builder