Cross-site Scripting for Argo CD SSO users

### Impact All versions of Argo CD starting with 2.3.0 are vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a ...

Continue Reading
CVE-2022-31102

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
CVE-2022-31105

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

### Overview Affected versions have no limit to using unsafe-accessor. Can be ignored if `SecurityCheck.AccessLimiter` not setup ### Details If UA was loaded as a named module, the internal data of UA ...

Continue Reading
Cross-site Scripting for Argo CD SSO users

### Impact All versions of Argo CD starting with 2.3.0 are vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a ...

Continue Reading
Certificate verification is skipped for connections to OIDC providers

### Impact All versions of Argo CD starting with v0.4.0 are vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OIDC provid ...

Continue Reading
CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation ...

Continue Reading
PYSEC-2022-226

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the er ...

Continue Reading

Back to Main

Subscribe for the latest news: