Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
FlyteFlyteadmin

3 matches found

CVE
CVEadded 2022/10/06 12:0 a.m.266 views

CVE-2022-39273

FlyteAdmin's CVE-2022-39273 describes a vulnerability in the default OAuth2 authorization server configuration. When ExternalAuthorizationServer is not specified, the default clientid hashes and a hardcoded hashed password in Flyte Admin (and propagated to the Propeller configmap in Helm charts) ...

7.5CVSS6.2AI score0.0067EPSS
CVE
CVEadded 2023/10/30 6:1 p.m.77 views

CVE-2023-41891

FlyteAdmin’s list endpoints are vulnerable to SQL injection in versions prior to 1.1.124, where a malicious user can send REST requests with custom SQL statements as list filters. The attacker must have access to the FlyteAdmin installation (typically behind VPN or authenticated access). A patch ...

8.8CVSS6.3AI score0.00929EPSS
CVE
CVEadded 2022/07/13 8:30 p.m.70 views

CVE-2022-31145

Summary: CVE-2022-31145 concerns FlyteAdmin's validation of access/tokens. In versions up to 1.1.30, authenticated users with external identity providers can continue to use Access Tokens and ID Tokens after expiry. The issue does not affect users configuring FlyteAdmin as the OAuth2 Authorizatio...

6.5CVSS6.3AI score0.0077EPSS