Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)
## Summary
There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite.
## Vulnerability Details
**CVEID:** CVE-2022-37734
**DESCRIPTION:** GraphQL Ja ...
May 01, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
### Background
The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are ...
May 01, 2023
CVE-2023-29193
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-pres ...
May 01, 2023
CVE-2023-28983
An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to ...
May 01, 2023
Information Disclosure
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability exists in the `MetricsHandler` function in `defaults.go` because it exposes the `--grpc-preshared-key` flag in the ...
May 01, 2023
Internet Bug Bounty: JWT audience claim is not verified
All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens.
OIDC providers include an aud (audience) claim in signed ...
May 01, 2023
Grafana — Exposure of sensitive information to an unauthorized actor
Grafana Labs reports:
When setting up Grafana, there is an option to enable JWT authentication. Enabling this will allow users to authenticate towards the Grafana instance with a special header ...
May 01, 2023