In order for this vulnerability to be exploited, anonymous access to the Argo CD instance must have been enabled. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to impersonate as any Argo CD user or role, including the `admin` user, by sending a specifically crafted JSON Web Token (JWT) along with the request.
#Logicaldoc access menu 1160 code
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.Īrgo CD is a declarative, GitOps continuous delivery tool for Kubernetes. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.
While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Supported versions that are affected are 10 and 11. Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). An attacker could send an HTTP request to exploit this vulnerability. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. The flaw lies in the way the safe browsing function parses HTTP requests. An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003.
0 kommentar(er)
