CVSS: 8.6EPSS: 5%CPEs: 2EXPL: 13CVE-2024-21626 – runc container breakout through process.cwd trickery and leaked fds
https://notcve.org/view.php?id=CVE-2024-21626
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. runc es una herramienta CLI para generar y ejecutar contenedores en Linux de acuerdo con la especificación OCI. En runc 1.1.11 y versiones anteriores, debido a una fuga interna de un descriptor de archivo, un atacante podría provocar que un proceso contenedor recién generado (de runc exec) tuviera un directorio de trabajo en el espacio de nombres del sistema de archivos del host, lo que permitiría un escape del contenedor al otorgar acceso. al sistema de archivos del host ("ataque 2"). • https://github.com/NitroCao/CVE-2024-21626 https://github.com/cdxiaodong/CVE-2024-21626 https://github.com/KubernetesBachelor/CVE-2024-21626 https://github.com/Wall1e/CVE-2024-21626-POC https://github.com/V0WKeep3r/CVE-2024-21626-runcPOC https://github.com/zpxlz/CVE-2024-21626-POC https://github.com/zhangguanzhang/CVE-2024-21626 https://github.com/laysakura/CVE-2024-21626-demo https://github.com/Sk3pper/CVE-2024-21626 https://github.com/abian2/CVE-2024-21626 https:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23656 – Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
https://notcve.org/view.php?id=CVE-2024-23656
Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0. • https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425 https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17 https://github.com/dexidp/dex/issues/2848 https://github.com/dexidp/dex/pull/2964 https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r • CWE-326: Inadequate Encryption Strength CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 8.3EPSS: 0%CPEs: 4EXPL: 1CVE-2024-22424 – Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd
https://notcve.org/view.php?id=CVE-2024-22424
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. • https://github.com/argoproj/argo-cd/issues/2496 https://github.com/argoproj/argo-cd/pull/16860 https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg https://access.redhat.com/security/cve/CVE-2024-22424 https://bugzilla.redhat.com/show_bug.cgi?id=2259105 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6944 – Rhdh: catalog-import function leaks credentials to frontend
https://notcve.org/view.php?id=CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. Se encontró una falla en Red Hat Developer Hub (RHDH). • https://access.redhat.com/security/cve/CVE-2023-6944 https://bugzilla.redhat.com/show_bug.cgi?id=2255204 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46742 – CubeFS leaks users key in logs
https://notcve.org/view.php?id=CVE-2023-46742
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. • https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2 • CWE-532: Insertion of Sensitive Information into Log File •