Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks a ...
Continue Reading
May 01, 2023
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_ ...
Continue Reading
May 01, 2023
A flaw was found in envoy. The header x-envoy-original-path should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent ...
Continue Reading
May 01, 2023
### Background The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are ...
Continue Reading
May 01, 2023
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-pres ...
Continue Reading
May 01, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data fro ...
Continue Reading
May 01, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data fro ...
Continue Reading
May 01, 2023
An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to ...
Continue Reading
May 01, 2023
Back to Main
