Page 3 of 52 results (0.008 seconds)

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 1

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se presenta una vulnerabilidad de verificación de firmas en crewjam/saml. Este fallo permite a un atacante omitir la autenticación SAML. • https://bugzilla.redhat.com/show_bug.cgi?id=1907670 https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9 https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM https://mattermos • CWE-115: Misinterpretation of Input •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en las Restricciones de Contexto de Seguridad (SCC), que permite a los pods diseñar paquetes de red personalizados. Este fallo permite a un atacante causar un ataque de Denegación de Servicio en un clúster de OpenShift Container Platform si pueden desplegar pods. • https://bugzilla.redhat.com/show_bug.cgi?id=1858981 https://access.redhat.com/security/cve/CVE-2020-14336 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token. Se encontró un fallo en el OpenShift API Server, donde presento un fallo al proteger de manera suficiente a los OAuthTokens al filtrarlos en los registros cuando se produjo un pánico del API Server. Este fallo permite a un atacante con la capacidad de causar un error del API Server leer los registros y usar el OAuthToken filtrado para iniciar sesión en el API Server con el token filtrado • https://github.com/openshift/enhancements/pull/323 https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system. Kibana versiones anteriores a 6.8.9 y 7.7.0, contienen un fallo de contaminación de prototipo en TSVB. Un atacante autenticado con privilegios para crear visualizaciones TSVB podría insertar datos que harían que Kibana ejecute código arbitrario. • https://www.elastic.co/community/security https://access.redhat.com/security/cve/CVE-2020-7013 https://bugzilla.redhat.com/show_bug.cgi?id=1849044 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity. Se encontró un fallo en OpenShift Container Platform versiones 4.1 y posteriores. Una información confidencial fue encontrada para ser registrada por el operador del registro de imagen permitiendo a un atacante conseguir acceso a esos registros, leer y escribir en el almacenamiento que respalda el registro de imágenes interno. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712 https://access.redhat.com/security/cve/CVE-2020-10712 https://bugzilla.redhat.com/show_bug.cgi?id=1825161 • CWE-532: Insertion of Sensitive Information into Log File •