CVE-2020-27174: Amazon vulnerability

October 18, 2020

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory …


CVE-2020-13261: Amazon vulnerability

August 21, 2020

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code.

References:
gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13261.json
gitlab.com/gitlab-org/gitlab/-/issues/199242
hackerone.com/reports/784130


CVE-2020-2188: Amazon vulnerability

May 10, 2020

A missing permission check in form-related methods in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allowed users with Overall/Read access to enumerate the credential IDs of credentials stored in Jenkins.

References:
jenkins.io/security/advisory/2020-05-06/#SECURITY-1844
www.openwall.com/lists/oss-security/2020/05/06/3


CVE-2020-2187: Amazon vulnerability

May 10, 2020

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.

References:
jenkins.io/security/advisory/2020-05-06/#SECURITY-1528
www.openwall.com/lists/oss-security/2020/05/06/3


CVE-2020-2186: Amazon vulnerability

May 10, 2020

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.

References:
jenkins.io/security/advisory/2020-05-06/#SECURITY-1408
www.openwall.com/lists/oss-security/2020/05/06/3
