100 matches found
resource-agents bug fix update
An update is available for resource-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...
resource-agents bug fix update
An update is available for resource-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The resource-agents packages provide the Pacemaker and RGManager...
GO-2024-2727 Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation
Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation...
BIT-ARGO-CD-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc
Summary The Apache Hadoop Distributed File System HDFS can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud VPC or shares the VPC with other Compute Engine instances. Google Cloud Platform GCP provides a default VPC called default. This VP...
CVE-2024-31989
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
CVE-2024-31989
Argo CD (GitOps tool for Kubernetes) has a vulnerability where an unprivileged pod in a different namespace can reach the Redis server on port 6379, potentially leading to privilege escalation to the cluster controller or information leakage if Redis access is not restricted. The issue is mitigat...
CVE-2024-31989 ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS...
Firewall Bypass
github.com/edgelesssys/constellation is vulnerable to Firewall Bypass. The vulnerability is due to the world configuration which does not prevent unauthorized access to entities inside the cloud VPC to directly reach pods using their internal IP addresses...
GHSA-G8FC-VRCG-8VJG Constallation has pods exposed to peers in VPC
Impact Cilium allows outside actors world entity to directly access pods with their internal pod IP, even if they are not exposed explicitly e.g. via LoadBalancer. A pod that does not authenticate clients and that does not exclude world traffic via network policy may leak sensitive data to an...
Constallation has pods exposed to peers in VPC
Impact Cilium allows outside actors world entity to directly access pods with their internal pod IP, even if they are not exposed explicitly e.g. via LoadBalancer. A pod that does not authenticate clients and that does not exclude world traffic via network policy may leak sensitive data to an...
MAL-2023-8531 Malicious code in vpc-nat-gateway-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9417e9eb52b089fd432e5dd38464df3ef02177d6b0d26f9fc664ef56591c4ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vpc-nat-gateway-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c9417e9eb52b089fd432e5dd38464df3ef02177d6b0d26f9fc664ef56591c4ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan
Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services AWS that allows the AWS Systems Manager Agent SSM Agent to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their...
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.3.1 may be vulnerable to a remote file access exploit if they are not limiting who can query their server for example,...
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...
Aws-Security-Assessment-Solution - An AWS Tool To Help You Create A Point In Time Assessment Of Your AWS Account Using Prowler And Scout As Well As Optional AWS Developed Ransomware Checks
Self-Service Security Assessment too l Cybersecurity remains a very important topic and point of concern for many CIOs, CISOs, and their customers. To meet these important concerns, AWS has developed a primary set of services customers should use to aid in protecting their accounts. Amazon...
Lateral movement risks in the cloud and how to prevent them – Part 1: the network layer (VPC)
In this first blog post, we will introduce lateral movement as it pertains to the VPC. We will discuss attacker TTPs, and outline best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk...