185 matches found
BIT-HELM-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
BIT-EJBCA-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
CVE-2024-1030
A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated...
CVE-2024-1030
A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated...
CVE-2024-1029
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"alert'XSS' leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"alert'XSS' leads to cross site scripting. The attack may be...
PT-2024-16172 · Cogites · Cogites Ereserv
Name of the Vulnerable Software and Affected Versions: Cogites eReserv version 7.7.58 Description: A vulnerability was found in Cogites eReserv, affecting an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the id argument leads to cross-site scripting. It is possible ...
Cogites eReserv Cross-Site Scripting Vulnerability
Cogites eReserv is an online reservation management software from Cogites. A cross-site scripting vulnerability exists in Cogites eReserv version 7.7.58, which originates from a cross-site scripting vulnerability in the /front/admin/tenancyDetail.php file...
CVE-2023-46254
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...
Privilege escalation
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...
CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...
CVE-2023-46254
Capsule-proxy (Capsule Kubernetes multi-tenancy) contains a bug in the RoleBinding reflector that allows ServiceAccount tenants to list Namespaces owned by other tenants when two tenants share the same ServiceAccount name in different namespaces, under specific conditions (capsule-proxy running w...
CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy
capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...
Cisco APIC Unauthorized Policy Actions (cisco-sa-apic-uapa-F4TAShk)
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...
Cisco Application Policy Infrastructure Controller Access Control Error Vulnerability (CNVD-2024-23322)
Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. The Cisco Application Policy Infrastructure Controller suffers from an access control error vulnerability that stems from improper access control when using a...
CVE-2023-20230
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...
Improper access control
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...
CVE-2023-20230
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...
CVE-2023-20230
CVE-2023-20230 affects Cisco Application Policy Infrastructure Controller (APIC). The issue arises from improper access control in the restricted security domain implementation used to enforce multi-tenancy, allowing an authenticated, remote attacker with a restricted-domain account to read, modi...
Apache Pulsar 安全漏洞
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...