882 matches found
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2021-26994
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node...
Intel QAT Code Issue Vulnerability
Intel QAT software refers to the collection of software components that support Intel QuickAssist technology. A code issue vulnerability exists in Intel QAT software that stems from an uncontrolled search path that can be exploited by an attacker to cause a local elevation of privilege...
Security Bulletin: IBM Workload scheduler vulnerable to CVE-2019-4608 and CVE-2020-5028
Summary: IBM Tivoli Dynamic Workload Console is potentially vulnerable to cross-site scripting. Vulnerability Details: CVEID: CVE-2019-4608 DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...
Identity Control Plane: the Unifying Layer for Zero Trust Infrastructure
This paper introduces the Identity Control Plane (ICP), an architectural framework for enforcing identity-aware Zero Trust access across human users, workloads, and automation systems. The ICP model unifies SPIFFE-based workload identity, OIDC/SAML user identity, and scoped automation credentials v...
Understanding the threat landscape for Kubernetes and containerized assets
The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undetected. Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured...
Intent-Aware Authorization for Zero Trust CI/CD
This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...
Establishing Workload Identity for Zero Trust CI/CD: from Secrets to SPIFFE-Based Authentication
CI/CD systems have become privileged automation agents in modern infrastructure, but their identity is still based on secrets or temporary credentials passed between systems. In enterprise environments, these platforms are centralized and shared across teams, often with broad cloud permissions an...
[SECURITY] Fedora 42 Update: condor-23.9.6-6.fc42
HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...
GHSA-4H9W-7VFP-PX8M Shopware default newsletter opt-in settings allow for mass sign-up abuse
Impact: Currently the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are: Newsletter: Double Opt-in - active; Newsletter: Double opt-in for registered customers - disabled; Log-in & sign-up: Double opt-in on sign-up - disabled...
[SECURITY] Fedora 41 Update: condor-23.9.6-3.fc41
HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...
[SECURITY] Fedora 40 Update: condor-23.9.6-3.fc40
HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...
Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.15.1-4 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
HTCondor Security Vulnerability
HTCondor is a workload management system at the University of Wisconsin-Madison (UW-Madison). The system provides job queuing mechanisms, scheduling policies, prioritization schemes, resource monitoring and resource management. A security vulnerability exists in HTCondor that stems from an...
Security Bulletin: IBM Workload Scheduler is vulnerable to arbitrary file creation vulnerability due to CVE-2022-22369 affecting JLOG component
Summary: The Jlog component on the Master Domain Manager of IBM Workload Scheduler permits an unauthenticated user to interact with the system making it possible to modify the way the service works or modify system files. Vulnerability Details: CVEID: CVE-2022-22369 DESCRIPTION: IBM Workload...
GO-2025-3561 Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium
Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium...
GO-2025-3510 Unintentional exposure of the workload identity token and client secret in logs in github.com/hashicorp/nomad
Unintentional exposure of the workload identity token and client secret in logs in github.com/hashicorp/nomad...
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
CVE-2025-1296
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
UBUNTU-CVE-2025-1296
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...