56 matches found
EUVD-2022-2502
Malicious code in bioql PyPI...
CVE-2019-10285
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CBL Mariner 2.0 Security Update: kubernetes (CVE-2023-5528)
The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5528 advisory. - A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote authentication attack due to Kubernetes Scheduler code ( CVE-2023-5528 )
Summary Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details CVEID:CVE-2023-5528 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system, caused...
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...
PT-2024-2098 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.4 Description: The issue is related to improper authorization of presigned URL generation requests in the S3 Artifact Storage plugin. This could allow a remote attacker to bypass existing security...
PT-2024-20674 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.2 Description: The issue is related to missing access control at the S3 Artifact Storage plugin endpoint. This could potentially allow unauthorized access. Recommendations: For versions prior to...
Hitachi Storage Plug-in for VMware vCenter Security Vulnerability
Hitachi Storage Plug-in for VMware vCenter is a plug-in from Hitachi, Japan. It allows integrated management of Hitachie storage systems in vCenter. A security vulnerability exists in Hitachi Storage Plug-in versions 04.0.0 through 04.9.2, which stems from incorrect default permissions...
CVE-2023-5528
A flaw was found in Kubernetes, where a user who can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
GHSA-HQ6Q-C2X6-HMCH Kubernetes Improper Input Validation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
Kubernetes Improper Input Validation vulnerability
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
AZL-34894 CVE-2023-5528 affecting package kubernetes for versions less than 1.28.7-2
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
CVE-2023-5528 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
CVSS Rating: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - HIGH 7.2 A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they ar...
Apache Traffic Server 信息泄露漏洞
Apache Traffic Server ATS is the United States Apache Apache Foundation's set of scalable HTTP proxy and caching server. Apache Traffic Server suffers from an information disclosure vulnerability that stems from the application exposing sensitive information and is vulnerable to HTTP/2 and s3...
Information Disclosure
org.rundeck:rundeck is vulnerable to information disclosure. A faulty mechanism in key storage converter plugin may cause credentials to be written in plaintext to the backend storage, which allows remote attackers to gain access to confidential keys and passwords...