59 matches found
CVE-2021-28667
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data from an action or rule name...
EUVD-2018-12903
Malware in sbrugna...
EUVD-2022-2150
Malicious code in bioql PyPI...
EUVD-2021-31477
Malicious code in bioql PyPI...
EUVD-2022-46688
Malicious code in bioql PyPI...
EUVD-2022-46972
Malicious code in bioql PyPI...
CVE-2022-44009
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information...
CVE-2022-43706
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged-in users with write access to pack rules to inject arbitrary script or HTML that may be executed in the Web UI for other logged-in users...
CVE-2018-20345
Incorrect access control in StackStorm API st2api in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker who has a StackStorm account and is authenticated against the StackStorm API to retrieve datastore items for other users by utilizing the /v1/keys "?scope=all" and "?user=" que...
MAL-2024-11714 Malicious code in stackstorm-runner-action-chain (PyPI)
Per source details. Source: kam193 (0cc9e6be890f15ba83b67af002dc0fdec59a68ebdd2696ab5168df443ed2dabf). Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Improper access control
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information...
StackStorm security vulnerability
StackStorm is an event-driven automation platform. The platform is used for automated remediation, security response, troubleshooting and program deployment functions. A security vulnerability exists in StackStorm version 3.7.0, which stems from improper Key-Value RBAC access control that fails t...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged-in users with write access to pack rules to inject arbitrary script or HTML that may be executed in the Web UI for other logged-in users...
CVE-2022-44009
StackStorm 3.7.0 is affected by an improper access control flaw in Key-Value RBAC, where permissions checks are not applied in Jinja filters. This could allow an attacker to access another user’s K/V pairs and potentially expose sensitive information. The provided documents consistently describe ...