An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are cre ...
April 25, 2024
CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE exploit script Description This script exploits CVE-2023-42793 to create an admin account on a TeamCity server. It sends a POST request to ...
April 24, 2024
Impact Backoffice users can execute arbitrary SQL. Explanation of the vulnerability A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the serv ...
April 24, 2024
SpEL Injection in PUT /api/v1/events/subscriptions (GHSL-2023-251) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able t ...
April 24, 2024
SpEL Injection in GET /api/v1/policies/validation/condition/<expr> (GHSL-2023-236) Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenti ...
April 24, 2024
Impact A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowl ...
April 24, 2024
A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a ...
April 24, 2024
A vulnerability was discovered in Rancher versions 2.0 through the aforementioned fixed versions, where users were granted access to resources regardless of the resource's API group. For example ...
April 24, 2024