CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0874 – Coredns: cd bit response is cached and served later
https://notcve.org/view.php?id=CVE-2024-0874
25 Apr 2024 — A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. Se encontró una falla en coredns. Este problema podría provocar que se devuelvan entradas de caché no válidas debido a un almacenamiento en caché implementado incorrectamente. • https://access.redhat.com/errata/RHSA-2024:0041 • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 7.8EPSS: 80%CPEs: 444EXPL: 14CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4456 – Openshift-logging: lokistack authorisation is cached too broadly
https://notcve.org/view.php?id=CVE-2023-4456
21 Aug 2023 — A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. Se encontró una falla en Openshift-logging LokiStack. La clave utilizada para el almacenamiento en caché es solo el token, que es demasiado amplio. • https://access.redhat.com/errata/RHSA-2023:4933 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0552 – origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409
https://notcve.org/view.php?id=CVE-2022-0552
02 Mar 2022 — A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. Se ha encontrado un fallo en la corrección original de netty-codec-http CVE-2021-21409, donde el contenedor OpenShift Logging openshift-logging/elasticsearch6-rhel8 estaba incompleto. El paquete m... • https://access.redhat.com/security/cve/CVE-2021-21409 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •