CVE-2021-32163
https://notcve.org/view.php?id=CVE-2021-32163
Authentication vulnerability in MOSN v.0.23.0 allows an attacker to escalate privileges via case-sensitive JWT authorization. • https://github.com/mosn/mosn/issues/1633 https://github.com/mosn/mosn/pull/1637 • CWE-863: Incorrect Authorization •
CVE-2023-23947 – Argo CD users with any cluster secret update access may update out-of-bounds cluster secrets
https://notcve.org/view.php?id=CVE-2023-23947
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23, 2.5.11, and 2.6.2 are vulnerable to an improper authorization bug which allows users who have the ability to update at least one cluster secret to update any cluster secret. The attacker could use this access to escalate privileges (potentially controlling Kubernetes resources) or to break Argo CD functionality (by preventing connections to external clusters). A patch for this vulnerability has been released in Argo CD versions 2.6.2, 2.5.11, 2.4.23, and 2.3.17. Two workarounds are available. • https://github.com/argoproj/argo-cd/commit/fbb0b99b1ac3361b253052bd30259fa43a520945 https://github.com/argoproj/argo-cd/security/advisories/GHSA-3jfq-742w-xg8j https://access.redhat.com/security/cve/CVE-2023-23947 https://bugzilla.redhat.com/show_bug.cgi?id=2167819 • CWE-863: Incorrect Authorization •
CVE-2023-25173 – containerd supplementary groups are not set up properly
https://notcve.org/view.php?id=CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. • https://github.com/advisories/GHSA-4wjj-jwc9-2x96 https://github.com/advisories/GHSA-fjm8-m7m6-2fjp https://github.com/advisories/GHSA-phjr-8j92-w5v7 https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a https://github.com/containerd/containerd/releases/tag/v1.5.18 https://github.com/containerd/containerd/releases/tag/v1.6.18 https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2 • CWE-842: Placement of User into Incorrect Group CWE-863: Incorrect Authorization •
CVE-2023-25153 – containerd OCI image importer memory exhaustion
https://notcve.org/view.php?id=CVE-2023-25153
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. • https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4 https://github.com/containerd/containerd/releases/tag/v1.5.18 https://github.com/containerd/containerd/releases/tag/v1.6.18 https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2 https://access.redhat.com/security/cve/CVE-2023-25153 https://bugzilla.redhat.com/show_bug.cgi?id=2174473 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-25571 – Backstage has XSS Vulnerability in Software Catalog
https://notcve.org/view.php?id=CVE-2023-25571
Backstage is an open platform for building developer portals. `@backstage/catalog-model` prior to version 1.2.0, `@backstage/core-components` prior to 0.12.4, and `@backstage/plugin-catalog-backend` prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicious actor with access to add or modify content in an instance of the Backstage software catalog to inject script URLs in the entities stored in the catalog. If users of the catalog then click on said URLs, that can lead to an XSS attack. This vulnerability has been patched in both the frontend and backend implementations. The default `Link` component from `@backstage/core-components` version 1.2.0 and greater will now reject `javascript:` URLs, and there is a global override of `window.open` to do the same. • https://github.com/backstage/backstage/commit/3d1371954512f7fa8bd0e2d357e00eada2c3e8a8 https://github.com/backstage/backstage/security/advisories/GHSA-7hv8-3fr9-j2hv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-84: Improper Neutralization of Encoded URI Schemes in a Web Page •