14 matches found
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: nuclei, scorecard, chezmoi, kubernetes, skaffold, terraform-provider-tls, prometheus, tekton-chains, ko, snyk-cli, mattermost, mods, terraform-provider-azurerm, istio, caddy, grype, kaf, syft, rancher, crossplane-provider-family-azure, trivy-operator, vitess, openbao...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: nuclei, scorecard, skaffold, crossplane-provider-aws-rds, snyk-cli, crossplane-provider-aws-ec2, cert-manager-cmctl, terraform-provider-azurerm, syft, grype, kubevela, trivy-operator, crossplane-provider-family-azure, openbao, witness, crossplane-provider-aws-memoryd...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: nuclei, scorecard, skaffold, crossplane-provider-aws-rds, snyk-cli, crossplane-provider-aws-ec2, cert-manager-cmctl, terraform-provider-azurerm, syft, grype, kubevela, trivy-operator, crossplane-provider-family-azure, openbao, witness, crossplane-provider-aws-memoryd...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-eks-fips, livekit-cli, kyverno-fips, crossplane-provider-aws-cloudwatchlogs-fips, flux, crossplane-provider-aws-s3-fips, actions-runner-controller-fips, flux-image-automation-controller, ksops, boring-registry, tekton-pipelines,...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Improper use of cryptographic key in wal-g
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
GHSA-VRMR-F2QH-3HHF Improper use of cryptographic key in wal-g
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Information Disclosure
github.com/wal-g/wal-g is vulnerable to information disclosure. The vulnerability exists when user uses libsodium encryption for their backup files which is not available but are silently processed and uploaded as plaintext...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
Code injection
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
CVE-2021-38599 affects WAL-G prior to version 1.1. In non-libSodium builds, WAL-G silently ignores the libsodium encryption key and uploads backups in plaintext, creating an information disclosure vulnerability. Affected software: WAL-G backup tool (used with PostgreSQL, MySQL/MariaDB, MS SQL Ser...
WAL-G 代码问题漏洞
WAL-G is an archive recovery tool for PostgreSQL, MySQL/MariaDB and MS SQL Server MongoDB and Redis beta. A code issue vulnerability exists in WAL-G prior to 1.1, which stems from a lack of checking for the existence of libsodium keys in non-libsodium builds...