
CVE-2023-22482 – JWT audience claim is not verified
https://notcve.org/view.php?id=CVE-2023-22482
25 Jan 2023 — Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token wa... • https://github.com/argoproj/argo-cd/security/advisories/GHSA-q9hr-j4rf-8fjc • CWE-863: Incorrect Authorization •

CVE-2022-25882
https://notcve.org/view.php?id=CVE-2022-25882
25 Jan 2023 — Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model's current directory or user-provided directory, for example "../../../etc/passwd". • https://gist.github.com/jnovikov/02a9aff9bf2188033e77bd91ff062856 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-4314
https://notcve.org/view.php?id=CVE-2021-4314
18 Jan 2023 — It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without a valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound service that diff... • https://github.com/zowe/api-layer • CWE-269: Improper Privilege Management CWE-287: Improper Authentication •

CVE-2022-46463
https://notcve.org/view.php?id=CVE-2022-46463
12 Jan 2023 — An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." • https://github.com/nu0l/CVE-2022-46463 • CWE-306: Missing Authentication for Critical Function •

CVE-2022-4875 – fossology cross site scripting
https://notcve.org/view.php?id=CVE-2022-4875
04 Jan 2023 — A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. • https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-23506 – Spinnaker's Rosco microservice vulnerable to improper log masking on AWS Packer builds
https://notcve.org/view.php?id=CVE-2022-23506
03 Jan 2023 — Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not properly mask secrets generated via packer builds. This can lead to exposure of sensitive AWS credentials in packer log files. Versions 1.29.2, 1.28.4, and 1.27.3 of Rosco contain fixes for this issue. A workaround is available. • https://github.com/spinnaker/rosco/commit/e80cfaa1abfb3a0e9026d45d6027291bfb815daf • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2019-19030
https://notcve.org/view.php?id=CVE-2019-19030
26 Dec 2022 — Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. • https://github.com/shodanwashere/boatcrash • CWE-204: Observable Response Discrepancy •

CVE-2022-23536 – Alertmanager can expose local files content via specially crafted config
https://notcve.org/view.php?id=CVE-2022-23536
19 Dec 2022 — Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to u... • https://cortexmetrics.io/docs/api/#set-alertmanager-configuration • CWE-73: External Control of File Name or Path CWE-184: Incomplete List of Disallowed Inputs CWE-641: Improper Restriction of Names for Files and Other Resources •

CVE-2022-23471 – containerd CRI stream server: Host memory exhaustion through terminal resize goroutine leak
https://notcve.org/view.php?id=CVE-2022-23471
07 Dec 2022 — containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the s... • https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2022-46770 – qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
https://notcve.org/view.php?id=CVE-2022-46770
07 Dec 2022 — qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). • https://packetstorm.news/files/id/171610 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •