882 matches found
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
UBUNTU-CVE-2024-12678
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678 Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
Nomad CVE-2024-12678 affects Nomad Community Edition and Nomad Enterprise allocations, where privilege escalation within a namespace can occur via unredacted workload identity tokens. Affected versions: Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. Root cause: unred...
CVE-2024-12678 Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from the US-based HashiCorp Inc. for managing containerized and non-containerized applications at scale, both locally and in the cloud. HashiCorp Nomad suffers from a security vulnerability that stems from an elevation of privile...
PT-2024-17712 · Hashicorp +2 · Hashicorp Nomad +2
Name of the Vulnerable Software and Affected Versions: Hashicorp Nomad versions prior to 1.9.4 Hashicorp Nomad versions prior to 1.8.8 Hashicorp Nomad versions prior to 1.7.16 Description: The issue is related to privilege escalation within a namespace through unredacted workload identity tokens...
The vulnerability of the IBM Tivoli Workload Scheduler software lies in the fact that it stores passwords in an unencrypted form, allowing a malicious individual to exploit this to disclose protected information.
The vulnerability of the IBM Tivoli Workload Scheduler software lies in the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a hacker to disclose the protected information...
IBM Workload Scheduler Information Disclosure Vulnerability
IBM Workload Scheduler is a suite of enterprise task scheduling software from International Business Machines IBM. The software automates the control of workloads. An information disclosure vulnerability exists in IBM Workload Scheduler versions 9.5, 10.1, and 10.2, which stems from storing user...
CVE-2024-49351
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user...
CVE-2024-49351
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user...
CVE-2024-49351
IBM Workload Scheduler (versions 9.5, 10.1, 10.2) stores user credentials in plaintext, readable by a local user. This yields a CVSSv3.1 base score of 5.5 (LO: Local, PR:L, C:H, I:N, A:N). The issue stems from plaintext password storage; remediation is to upgrade to fixed releases: 9.5.0.7, 10.1....
CVE-2024-49351 IBM Workload Scheduler information disclosure
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user...
CVE-2024-49351 IBM Workload Scheduler information disclosure
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user...
IBM Workload Scheduler 安全漏洞
IBM Workload Scheduler is a suite of enterprise task scheduling software from International Business Machines IBM. The software automates the control of workloads. An information disclosure vulnerability exists in IBM Workload Scheduler versions 9.5, 10.1, and 10.2, which stems from storing user...
Security Bulletin: IBM Workload Scheduler stores user credentials in plain text.
Summary IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CVE-2024-49351 Vulnerability Details CVEID:CVE-2024-49351 DESCRIPTION: IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CWE:CWE-256: Plaintext...
PT-2024-9573 · Ibm · Ibm Workload Scheduler
Name of the Vulnerable Software and Affected Versions: IBM Workload Scheduler versions 9.5 through 10.2 Description: The issue is related to the storage of passwords in plain text. This could allow an attacker to disclose protected information. A local user can read the user credentials stored in...
Bitcoin Core 安全漏洞
Bitcoin Core is a Bitcoin open source client for verifying the validity of blockchain transactions. A security vulnerability exists in versions of Bitcoin Core prior to 24.0.1 that stems from a failure to verify that the provided chain has sufficient workload, allowing an attacker to cause a deni...
Making Sense of Kubernetes Initial Access Vectors Part 2 - Data Plane
Learn about Kubernetes data plane access, including applications running on the cluster, container images, and execution-as-a-service workload types...