4 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...
Information Exposure
Overview logstash-core is a scalable log and event management tool. Affected versions of this package are vulnerable to Information Exposure due to allowing remote attackers to read communications between Logstash Forwarder agent and Logstash server. Remediation Upgrade logstash-core to version...
PT-2023-17240 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.5.0 through 1.5.2 Description: The issue allows unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This can lead to unauthorized access and...
Information Exposure
Overview std/math/big is a Go standard library package std/math/big Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain...