17 matches found
Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 (Matt Farina). Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:01596-2 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 (Matt Farina)...
SUSE SLES15 / openSUSE 15 Security Update : helm (SUSE-SU-2025:01596-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01596-1 advisory. helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to thi...
Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 (Matt Farina). Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:01596-1 Security update for helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 (Matt Farina)...
PT-2025-23276 · Suse · Helm
This update for helm fixes the following issues: helm was updated to version 3.17.3: Helm v3.17.3 is a security patch release. Users are strongly recommended to update to this release. Changelog: Unarchiving fix e4da497 (Matt Farina)...
CVE-2024-24579
stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
Privilege Escalation
Jenkins is vulnerable to privilege escalation. The vulnerability exists because FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link...
jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...
jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...
jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...
CVE-2021-21687
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar...
CVE-2021-21687
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar...
PT-2021-14728 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier; Jenkins LTS versions 2.303.2 and earlier. Description: The issue concerns the creation of symbolic links when unarchiving a symbolic link in FilePath#untar. Specifically, it does not check agent-to-controller...
Vulnerability in the libarchive library allowing an attacker to execute arbitrary code
The vulnerability in the libarchive library exists due to the incorrect definition of the compressed file size in a .zip format archive. Exploiting this vulnerability allows a malicious actor to insert arbitrary code into the file header, which will be executed with the privileges of the curren...