8 matches found
CVE-2020-10711
The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...
CVE-2021-3752
Mode C: CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...
CVE-2024-0560
CVE-2024-0560 affects 3Scale when used with Keycloak 15 or RHSSO 7.5.0. The auth_type use_3scale_oidc_issuer_endpoint makes the Token Introspection policy read the token_introspection_endpoint field, which was removed in RH-SSO 7.5. As a result, tokens are not inspected and are treated as valid. ...
CVE-2021-3814
CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...
CVE-2019-14836
CVE-2019-14836 concerns Red Hat 3scale Dev Portal where login CSRF protection is absent. The connected documents consistently state the vulnerability stems from the login form not validating CSRF tokens, enabling an attacker to access unauthorized information or conduct further attacks. Affected ...
CVE-2020-25634
CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...
CVE-2019-14849
The CVE-2019-14849 entries describe a vulnerability in Red Hat 3scale API Management (before version 2.6) where the user session cookie was not tagged HttpOnly. This omission enables cross-site scripting and potential exposure of unauthorized information. Affected component: 3scale session cookie...
CVE-2021-3412
CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...