1063 matches found
CVE-2021-37914
CVE-2021-37914 affects Argo Workflows (through 3.1.3). When EXPRESSION_TEMPLATES is enabled and untrusted users can specify input parameters for runs, an attacker can disrupt a workflow because expression template output is evaluated. The issue is tied to how template expressions are processed, e...
CVE-2021-37914
In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated...
GHSA-RC7P-GMVH-XFX2 Attack on Kubernetes via Misconfigured Argo Workflows
Impact Users running the Argo Server with --auth-mode=server (which is the default in v3.0.0) AND who have exposed their UI to the Internet may allow remote users to execute arbitrary code on their cluster, e.g. crypto-mining. Resolution Do not expose your user interface to the Internet. Change...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains various tools and exploits for testing and demonstrating vulnerabilities in different software and systems. The primary purpose of this repository is to provide a platform for researchers and security...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...
PT-2021-21906
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions 3.1.3 and earlier Description: The issue arises when EXPRESSION_TEMPLATES is enabled and untrusted users can specify input parameters for workflows. This allows an attacker to potentially disrupt a workflow because the...
Argo input validation error vulnerability
Argo is an open source container-native workflow engine. A security vulnerability exists in Argo Workflows 3.1.3 that could allow an attacker to corrupt a workflow if EXPRESSION_TEMPLATES is enabled and an untrusted user is allowed to specify input parameters when running the workflow...
vulhub
This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The repository contains a variety of applications and environments, including CouchDB, FFmpeg, Git...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and others. The repository is maintained by Vulhub, a community-driven project fo...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...
Description of the security update for SharePoint Server 2019: July 13, 2021 (KB5001975)
Description of the security update for SharePoint Server 2019: July 13, 2021 KB5001975 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and SharePoint Server spoofing vulnerability. To learn more about these vulnerabilities, see the following...
SUSE: Security Advisory (SUSE-SU-2017:2040-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2264-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-21423
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
PYSEC-2021-111
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Rebuild-bot workflow may allow unauthorised repository modifications
Impact projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project...
CVE-2021-21423 Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
Maintain File Security during Compliance Scanning
Learn how to integrate security into the build process to protect downstream workflows from risk...