CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2021-3642 – wildfly-elytron: possible timing attack in ScramServer
https://notcve.org/view.php?id=CVE-2021-3642
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. Se ha detectado un fallo en Wildfly Elytron en versiones anteriores a 1.10.14.Final, en versiones anteriores a la 1.15.5.Final y en versiones anteriores a la 1.16.1.Final donde ScramServer puede ser susceptible a Timing Attack si está habilitado. La mayor amenaza de esta vulnerabilidad es la confidencialidad. A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. • https://bugzilla.redhat.com/show_bug.cgi?id=1981407 https://access.redhat.com/security/cve/CVE-2021-3642 • CWE-203: Observable Discrepancy •
CVSS: 7.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-20218 – fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
https://notcve.org/view.php?id=CVE-2021-20218
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 Se encontró un fallo en fabric8 kubernetes-client en versión 4.2.0 y posteriores. Este fallo permite a un pod/container malicioso causar que unas aplicaciones que usan el comando "copy" de fabric8 kubernetes-client extraigan archivos fuera de la ruta de trabajo. • https://bugzilla.redhat.com/show_bug.cgi?id=1923405 https://github.com/fabric8io/kubernetes-client/issues/2715 https://access.redhat.com/security/cve/CVE-2021-20218 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10734
https://notcve.org/view.php?id=CVE-2020-10734
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable. Se encontró una vulnerabilidad en keycloak en la forma en que el endpoint de cierre de sesión OIDC no tiene protección CSRF. Se cree que las versiones enviadas con Red Hat Fuse 7, Red Hat Single Sign-on 7 y Red Hat Openshift Application Runtimes son vulnerables • https://bugzilla.redhat.com/show_bug.cgi?id=1831662 https://issues.redhat.com/browse/KEYCLOAK-13653 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1717
https://notcve.org/view.php?id=CVE-2020-1717
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack. Se encontró un fallo en Keycloak versión 7.0.1. Un usuario que haya iniciado sesión puede llevar a cabo un ataque de enumeración de correo electrónico de la cuenta • https://bugzilla.redhat.com/show_bug.cgi?id=1796281 https://issues.jboss.org/browse/KEYCLOAK-12014 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27782 – undertow: special character in query results in server errors
https://notcve.org/view.php?id=CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. Se encontró un fallo en el conector AJP de Undertow. • https://bugzilla.redhat.com/show_bug.cgi?id=1901304 https://access.redhat.com/security/cve/CVE-2020-27782 • CWE-400: Uncontrolled Resource Consumption •