CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32660 – TechDocs content sanitization bypass
https://notcve.org/view.php?id=CVE-2021-32660
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/tehdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. • https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c https://github.com/backstage/backstage/releases/tag/release-2021-06-03 https://github.com/backstage/backstage/security/advisories/GHSA-pwhf-39xg-4rxw • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27847
https://notcve.org/view.php?id=CVE-2020-27847
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0. Se presenta una vulnerabilidad en el conector SAML de la biblioteca github.com/dexidp/dex que es usado para procesar la comprobación de firma SAML. • https://bugzilla.redhat.com/show_bug.cgi?id=1907732 https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5 https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities • CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3557 – argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster
https://notcve.org/view.php?id=CVE-2021-3557
A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. Se ha encontrado un fallo en argocd. Cualquier usuario no privilegiado es capaz de desplegar argocd en su espacio de nombres y con la ServiceAccount argocd-argocd-server creada, el usuario no privilegiado es capaz de leer todos los recursos del clúster, incluyendo todos los secretos, lo que podría permitir escaladas de privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1961929 https://access.redhat.com/security/cve/CVE-2021-3557 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-30465 – runc: vulnerable to symlink exchange attack
https://notcve.org/view.php?id=CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. runc versiones anteriores a 1.0.0-rc95, permite un Container Filesystem Breakout por medio de un Salto de Directorio. Para explotar la vulnerabilidad, un atacante debe ser capaz de crear varios contenedores con una configuración de montaje bastante específica. El problema ocurre por medio de un ataque de intercambio de enlaces simbólicos que se basa en una condición de carrera The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. • http://www.openwall.com/lists/oss-security/2021/05/19/2 https://bugzilla.opensuse.org/show_bug.cgi?id=1185405 https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f https://github.com/opencontainers/runc/releases https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH https: • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-23135 – Argo CD leaked secret data into error messages and logs on invalid edits via UI
https://notcve.org/view.php?id=CVE-2021-23135
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14. Una exposición de los Datos del Sistema en una vulnerabilidad de Esfera de Control No Autorizada en la Interfaz de Usuario web de Argo CD permite a un atacante causar una filtración de datos secretos en unos registros y mensajes de error de la Interfaz de Usuario web. Este problema afecta a Argo CD versiones 1.8 anteriores a 1.8.7; versiones 1.7 anteriores a 1.7.14 • https://github.com/argoproj/argo-cd/security/advisories/GHSA-fp89-h8pj-8894 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •