BIT-ARGO-WORKFLOWS-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
BIT-ARGO-WORKFLOWS-2022-29164 Privilege Escalation in argo-workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kine, dex, kor, runc, helm-operator, hubble-ui, buildkitd, nerdctl, temporal, kube-bench, boring-registry, nri-prometheus, policy-controller, prometheus-alertmanager, ollama, kargo, kubeadm-bootstrap-controller, pgpool2exporter, crossplane-provider-aws-sqs,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, rabbitmq-messaging-topology-operator, kube-state-metrics, prometheus-beat-exporter-fips, metacontroller, external-secrets-fips, haproxy-ingress, cadvisor, sonobuoy, hubble-fip...
Lessons from video game companies: automation unleashes robust monitoring & observability
Video game organizations need robust monitoring and observability solutions to stay one step ahead of cyber adversaries. Chances are, so do we all. In this blog post, we’ll delve into how monitoring and observability capabilities enable video game organizations to bolster their cybersecurity...
GHSA-7JWH-3VRQ-Q3M8 vulnerabilities
Vulnerabilities for packages: kine, caddy, trillian-fips, k3s, caddy-fips, kube-bench, ferretdb, src, trillian, step-ca, kube-bench-fips, kots, keda-fips, spicedb, temporal-server, amass, argo-workflows-fips, falcosidekick-fips, temporal-server-fips, argo-workflows,...
GHSA-7JWH-3VRQ-Q3M8 vulnerabilities
Vulnerabilities for packages: caddy, kine, argo-workflows, k3s, ferretdb, src, kots, step-ca, temporal-server, spicedb, trillian, kube-bench, amass, step...
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: kine, caddy, trillian-fips, k3s, caddy-fips, kube-bench, ferretdb, src, trillian, step-ca, kube-bench-fips, kots, keda-fips, spicedb, temporal-server, amass, argo-workflows-fips, falcosidekick-fips, temporal-server-fips, argo-workflows,...
GHSA-M7WR-2XF7-CM9P vulnerabilities
Vulnerabilities for packages: kots, wavefront-collector-for-kubernetes, step, caddy, trillian-fips, argo-workflows-fips, trillian, step-ca, caddy-fips, argo-workflows...
6 Ways to Simplify SaaS Identity Governance
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible fo...
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...
Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD...
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: cert-manager, falco, trivy, k3d, dagger, datadog-agent, eksctl, goreleaser, datadog-agent-fips, loki, newrelic-infrastructure-agent, docker-credential-gcr, policy-controller-fips, zot, k3s, scorecard, kubeflow-katib, pulumi, vexctl, cri-tools,...
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: cert-manager, falco, trivy, k3d, dagger, datadog-agent, eksctl, goreleaser, datadog-agent-fips, loki, newrelic-infrastructure-agent, docker-credential-gcr, policy-controller-fips, zot, k3s, scorecard, kubeflow-katib, pulumi, vexctl, cri-tools,...
CVE-2023-34063
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows...
VMware Aria Automation and VMware Cloud Foundation Security Vulnerabilities
VMware Cloud Foundation and VMware Aria Automation are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes operations automation, infrastructure auto-configuration, and integrate...
PT-2024-1101 · Vmware · Vmware Cloud Foundation +1
Name of the Vulnerable Software and Affected Versions: VMware Aria Automation (formerly vRealize Automation), versions prior to the fixed version; VMware Cloud Foundation (formerly Aria Automation), versions prior to the fixed version. Description: The issue is related to a Missing Access Control...