CVE-2022-0916

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization opera ...

CVE-2022-29228

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an A ...

CVE-2022-29226

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed ...

Improper Verification of Cryptographic Signature in google-oauth-java-client

Summary: The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud, etc.). ...

Improper Authentication

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd cl ...

Authentication Bypass by Spoofing

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...

CVE-2022-21499

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that th ...

Security Bulletin: IBM Cloud Kubernetes Service is affected by an endpoint resource security design flaw in Kubernetes (CVE-2021-25740)

Summary: IBM Cloud Kubernetes Service is affected by an endpoint resource security design flaw in Kubernetes. If a potential attacker can create or edit Endpoints or EndpointSlices in the Kubernetes ...
