Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Nexus Repository Manager 3 Remote Code Execution (CVE-202...

CVE-2020-10199 is a critical Java EL injection flaw in Sonatype Nexus Repository Manager 3 letting authenticated users achieve remote code execution.

Nov 23, 20257 min read
Vulnerability Analysis

Nexus Repository Manager Authenticated RCE via EL Injecti...

CVE-2020-10204 lets an authenticated Nexus Repository Manager user execute arbitrary code via EL injection. Here is what changed and how to respond.

Nov 22, 20257 min read
Vulnerability Analysis

Harbor Registry Privilege Escalation via Self-Registratio...

CVE-2019-16097 let attackers self-register as Harbor admins via a single API call. Here's the impact, affected versions, timeline, and how to remediate it.

Nov 22, 20257 min read
Vulnerability Analysis

Harbor Arbitrary File Overwrite via Chart Upload Path Tra...

CVE-2020-13788 let authenticated users overwrite arbitrary files on Harbor via path traversal in Helm chart uploads. Here's the impact, fix, and remediation steps.

Nov 22, 20258 min read
Vulnerability Analysis

Harbor CSRF Token Bypass Enabling Session Hijack (CVE-202...

CVE-2022-31663 let attackers bypass Harbor's CSRF protections to hijack authenticated sessions. Here's the impact, affected versions, and how to remediate.

Nov 22, 20257 min read
Vulnerability Analysis

Project Quay Improper Access Control Exposing Private Ima...

CVE-2020-27838 exposed private container images in Project Quay due to improper access control. Here's what happened, who's affected, and how to remediate it.

Nov 21, 20258 min read
Vulnerability Analysis

runc Container Breakout via /proc/self/exe Overwrite (CVE...

CVE-2019-5736 let a malicious container overwrite the host runc binary, escaping isolation to gain root on the Docker or Kubernetes host.

Nov 21, 20257 min read
Vulnerability Analysis

containerd-shim Abstract Unix Socket Exposure Enabling Co...

CVE-2020-15257 lets processes in host-networked containers reach the containerd-shim socket and escape to the host. Impact, affected versions, and fixes explained.

Nov 21, 20258 min read
Vulnerability Analysis

CRI-O 'cr8escape' Sysctl Injection Container Escape (CVE-...

CVE-2022-0811 (cr8escape) is a CRI-O flaw where an unvalidated sysctl injection let attackers escape containers and gain root on Kubernetes hosts.

Nov 21, 20257 min read
Vulnerability Analysis

BuildKit Privileged Entitlement Check Bypass Enabling Hos...

CVE-2024-23653 lets malicious Dockerfiles bypass BuildKit's privileged entitlement check via the interactive containers API, escaping to the host.

Nov 20, 20258 min read
Vulnerability Analysis

BuildKit Build-Time Container Teardown Arbitrary File Del...

A malicious Dockerfile can exploit CVE-2024-23652 to make BuildKit delete arbitrary host files during build teardown. Here's what's affected and how to fix it.

Nov 20, 20257 min read
Concepts

What Is a CVE Numbering Authority (CNA)?

A CNA is an organization authorized to assign CVE identifiers to vulnerabilities in its scope. Here is how CNAs work and why they shape how fast a flaw becomes citable.

Nov 11, 20255 min read
vulnerability-analysis (Page 24) — Safeguard Blog