16 matches found
EUVD-2022-38837
Malicious code in bioql PyPI...
EUVD-2022-7380
Malicious code in bioql PyPI...
CVE-2022-39383
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're...
CVE-2022-36089
KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the PlatformID as the signed key to generate the JWT tokens for users. Another AP...
KubeVela VelaUX APIserver has SSRF vulnerability
Impact Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. This issue is patched in 1.5.9 and 1.6.2. References Fix by: 50...
GHSA-M5XF-X7Q6-3RM7 KubeVela VelaUX APIserver has SSRF vulnerability
Impact Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. This issue is patched in 1.5.9 and 1.6.2. References Fix by: 50...
PT-2022-24943 · Kubevela · Kubevela
Name of the Vulnerable Software and Affected Versions: KubeVela versions 1.5 through 1.5.7 KubeVela versions 1.6 through 1.6.0 Description: KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this issue. When using Helm Chart as the...
CVE-2022-39383 SSRF vulnerability in KubeVela VelaUX APIServer
KubeVela is an open source application delivery platform. Users using the VelaUX APIServer could be affected by this vulnerability. When using Helm Chart as the component delivery method, the request address of the warehouse is not restricted, and there is a blind SSRF vulnerability. Users who're...
CVE-2022-39383
CVE-2022-39383 describes a blind SSRF in the KubeVela VelaUX APIserver when using Helm Chart as the component delivery method, where the warehouse request address is not restricted. This affects KubeVela’s VelaUX APIserver and enables an SSRF vulnerability. Public reports and advisories (GitHub G...
Authentication flaw
KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the PlatformID as the signed key to generate the JWT tokens for users. Another AP...
CVE-2022-36089 VelaUX APIServer vulnerable to Authentication Bypass by Capture-replay
KubeVela is an application delivery platform. Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the PlatformID as the signed key to generate the JWT tokens for users. Another AP...
CVE-2022-36089
KubeVela's VelaUX APIServer authenticates via JWTs signed with PlatformID, and the getSystemInfo API leaks the PlatformID. In versions prior to 1.4.11 and 1.5.4 this enables an attacker to re-generate tokens and bypass authentication. Patches exist in 1.4.11 and 1.5.4. Upgrading to these versions...
KubeVela security vulnerability
KubeVela is a modern application delivery platform open-sourced by KubeVela. A security vulnerability exists in KubeVela versions prior to 1.4.11 and 1.5.4, which stems from the fact that its VelaUX APIServer uses the PlatformID as a signing key to generate JWT tokens for users. Another API calle...