Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server

Impact All unpatched versions of Argo CD starting with v1.3.0 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is or may be use...

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

Impact All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows. In each case, using a...

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params

All versions of Argo CD starting with v0.11.0 is vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in Oauth2/OIDC login flows...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in github.com/argoproj/argo-cd/v2...

DoS through large manifest files in Argo CD

Impact All versions of Argo CD starting with v0.7.0 is vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service. The repo-server is a critical component of Argo CD, so crashing the repo-server effectively denies core Argo CD...

Relative Path Traversal

Relative Path Traversal in github.com/argoproj/argo-events...

Uncontrolled Resource Consumption

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

Missing Release of Memory after Effective Lifetime

A memory leak out-of-memory in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file...

Out-of-bounds Read

Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress...

Unsafe deserialization in com.alibaba:fastjson

The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...

Server-side request forgery in Apache Dubbo

bypass CVE-2021-25640 In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the allowed host check which can cause open redirect or SSRF vulnerability...

Path Traversal in file editor on Windows in Gogs

Impact The malicious user is able to delete and upload arbitrary files. All installations on Windows with repository upload enabled default are affected. Patches Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

Path Traversal in Git HTTP endpoints in Gogs

Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. Workarounds N/A References...

OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

Server-Side Request Forgery in gogs webhook

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.8...

OS Command Injection in gogs

Impact The malicious user is able to upload a crafted config file into repository's .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled default are affected. Patches Repository file uploads are prohibited to its .git directory. Users shou...

OS Command Injection in gogs

Missing input validation in internal/db/repoeditor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker registered user can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain a...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in gogs.io/gogs...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site Scripting XSS - Stored in GitHub repository go-gitea/gitea prior to 1.16.9...

Cross site scripting in Angular

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to...

Improper Control of Generation of Code ('Code Injection')

A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...

Blogifier does not properly restrict APIs

Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as demonstrated by missing checks for .. in a pathname. The issue is patched in the 2.4 branch, but 2.5.5 is the lowest available patched version on https://www.nuget.org/packages/Blogifier.Core...

Loop with Unreachable Exit Condition ('Infinite Loop')

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account...

Use of Insufficiently Random Values

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

Use of Insufficiently Random Values

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

Loop with Unreachable Exit Condition ('Infinite Loop')

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service infinite loop via crafted ParseFragment input...

Improper Input Validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...

NULL Pointer Dereference

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

Improper Input Validation

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on SSO is enabled. In order to exploit this vulnerability,...

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations is vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the RSTSTRE...

Uncontrolled Resource Consumption

Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

Insertion of Sensitive Information into Log File

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

Allocation of Resources Without Limits or Throttling

Some HTTP/2 implementations is vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the RSTSTRE...

Uncontrolled Resource Consumption

Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

Insertion of Sensitive Information into Log File

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

Insufficiently Protected Credentials

Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The aimeos aka Aimeos shop and e-commerce framework extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account...

Kubernetes Secrets Store CSI Driver plugins arbitrary file write

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

Kubernetes Secrets Store CSI Driver plugins arbitrary file write

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods...

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, includin...

Uncontrolled Recursion

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service panic via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

Gitea XSS Vulnerability in Repository Description

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting XSS. The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page...