Lucene search
K
Redhat3scale

8 matches found

CVE
CVE
added 2020/05/22 2:9 p.m.690 views

CVE-2020-10711

The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...

5.9CVSS6.5AI score0.03097EPSS
CVE
CVE
added 2022/02/16 6:35 p.m.525 views

CVE-2021-3752

Mode C: CVE-2021-3752 is a Linux kernel use-after-free vulnerability in the Bluetooth L2CAP path caused by a race between connect and disconnect. The flaw can allow a local attacker to crash the system or escalate privileges. Connected documents confirm this CVE is discussed in Debian advisories ...

7.9CVSS7.2AI score0.01736EPSS
CVE
CVE
added 2024/02/28 4:37 p.m.161 views

CVE-2024-0560

CVE-2024-0560 affects 3Scale when used with Keycloak 15 or RHSSO 7.5.0. The auth_type use_3scale_oidc_issuer_endpoint makes the Token Introspection policy read the token_introspection_endpoint field, which was removed in RH-SSO 7.5. As a result, tokens are not inspected and are treated as valid. ...

6.3CVSS6.3AI score0.00486EPSS
CVE
CVE
added 2022/03/25 6:2 p.m.88 views

CVE-2021-3814

CVE-2021-3814 affects 3scale’s APIdocs. The issue is that token validation is not performed correctly: when an invalid token is presented, the system falls back to session authentication, which can bypass access controls and lead to unauthorized information disclosure. This is described in multip...

7.5CVSS7.3AI score0.01113EPSS
CVE
CVE
added 2021/05/26 11:18 a.m.83 views

CVE-2019-14836

CVE-2019-14836 concerns Red Hat 3scale Dev Portal where login CSRF protection is absent. The connected documents consistently state the vulnerability stems from the login form not validating CSRF tokens, enabling an attacker to access unauthorized information or conduct further attacks. Affected ...

8.8CVSS8.4AI score0.0058EPSS
CVE
CVE
added 2021/05/26 8:54 p.m.83 views

CVE-2020-25634

CVE-2020-25634 affects Red Hat 3scale: an API documentation URL is accessible without credentials. This exposes or allows modification of service APIs and sensitive information. Affected versions are those before 3scale-2.10.0-ER1. Remediation provided in the documents is to upgrade to 3scale-2.1...

5.5CVSS5.2AI score0.00517EPSS
CVE
CVE
added 2019/12/12 1:14 p.m.82 views

CVE-2019-14849

The CVE-2019-14849 entries describe a vulnerability in Red Hat 3scale API Management (before version 2.6) where the user session cookie was not tagged HttpOnly. This omission enables cross-site scripting and potential exposure of unauthorized information. Affected component: 3scale session cookie...

5.4CVSS5.3AI score0.00528EPSS
CVE
CVE
added 2021/06/01 1:47 p.m.69 views

CVE-2021-3412

CVE-2021-3412 affects the 3Scale developer portal, with the root cause being missing brute-force protections in all portal versions. The vulnerability could allow an attacker to bypass login controls and access privileged information, potentially enabling further attacks. Exploitation details are...

7.3CVSS7.3AI score0.0076EPSS