Key confusion through non-blocklisted public key formats

### Impact _What kind of vulnerability is it? Who is impacted?_ Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation). > PyJWT supports multiple different JWT signing algorithms. ...

Continue Reading

30 мая, 2022

User Impersonation Via Anonymous Access

github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled ...

Continue Reading

30 мая, 2022

CVE-2022-29165

A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the Ar ...

Continue Reading

30 мая, 2022

(RHSA-2022:4692) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...

Continue Reading

30 мая, 2022

(RHSA-2022:4691) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...

Continue Reading

30 мая, 2022

1 168 169 170

Back to Main
Subscribe for the latest news: