### Background The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are ...
Continue ReadingMay 01, 2023
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-pres ...
Continue ReadingMay 01, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data fro ...
Continue ReadingMay 01, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data fro ...
Continue ReadingMay 01, 2023
An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to ...
Continue ReadingMay 01, 2023
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the `MetricsHandler` function in `defaults.go` because it exposes the `--grpc-preshared-key` flag in the ...
Continue ReadingMay 01, 2023
## Security Advisory 0086 _._CSAF PDF #### Date: April 25, 2023 Revision | Date | Changes ---|---|--- 1.0 | April 25, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 ...
Continue ReadingMay 01, 2023
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can cra ...
Continue ReadingMay 01, 2023
Back to Main