CVE-2022-29164 Privilege Escalation in argo-workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces an HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Serv...
CVE-2022-29164
Affected software: Argo Workflows (Kubernetes). Vulnerability summary: An attacker can craft an HTML artifact in a workflow that contains a script using XHR to interact with the Argo Server API. The attacker emails a link to the deep-link artifact; when opened by a victim, the script executes with ...
nuclei-templates
This repository is an offensive tool for nuclei templates. It is a community-driven collection of templates for the nuclei engine to find security vulnerabilities in applications. The repository contains various templates, including CVEs, and is maintained by the projectdiscovery team. The...
PT-2022-19423
Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to the fixed version Description Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions, an attacker can create a workflow that produc...
vulhub
This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...
Shopify: Staff can create workflows in Shopify Admin without apps permission
Summary: add summary of the vulnerability According to publicly available docs, Flow can be accessed in two ways. 1. through the Shopify organization admin Shopify plus 2. by installing the Shopify Flow app. I stumbled on /admin/internal/web/graphql/flow endpoint which is accessible to a staff...
ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +211 more potentially affected by CVE-2022-21230 via org.nanohttpd:nanohttpd (>=2.2.0 <=2.3.1)
org.nanohttpd:nanohttpd MAVEN version =2.2.0, =3.32.1.1, =3.30.0.2, =3.34.0.3, =1.0.0, =1.0.0, =1.0.0, =3.8, =1.0, =1.1, =0.2.22, =0.2.22, =0.4.15 and more Source cves: CVE-2022-21230 Source advisory: SNYK:JAVA-ORGNANOHTTPD-2422798...
The Unbearable Lightness of Unaudited Supply Chains
An acute need expressed by a majority of CISOs at a roundtable in Italy sparks an idea to use one of our lesser-known compliance apps to manage supply chain security assurance efforts. In the 1984 novel The Unbearable Lightness of Being, author Milan Kundera ponders the fleeting nature of man’s...
Vulnerability Remediation: It’s Not Just Patching
Vulnerability does not equal a patch, as such remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...
nuclei-templates
This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the Nuclei scanner, which powers the actual scanning engine. The templates are provided by the project's team...
F5 NGINX Controller API Code Injection Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...
KNIME has unspecified vulnerabilities
A security vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production, which stems from the fact that when an administrator password is saved in a file without file access controls, its contents can be read by all local users. No...
PT-2021-24204 · Knime · Knime Analytics Platform
Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions prior to 4.5.0 Description: The issue concerns an external XML entity injection XXE vulnerability. It can be exploited via a crafted workflow file .knwf. Recommendations: For versions prior to 4.5.0, update t...
Stay Ahead of Threats With Cloud Workload Protection
When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends to runtime protection. Cloud workload protection CWP helps make that goal possible by bringing major structural changes to software development...
KNIME directory traversal vulnerability
A directory traversal vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production. The flaw stems from a failure of a networked system or product to properly filter special elements in a resource or file path, which could be exploited by ...
Knime Server Path Traversal Vulnerability
A directory traversal vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production. The flaw stems from a failure of a networked system or product to properly filter special elements in a resource or file path, which could be exploited by ...
JetBrains YouTrack Injection Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains (Czech Republic). The software has features such as bug tracking, creating workflows, and monitoring project progress. JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...
CVE-2021-40809
An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...