data center security privilege escalation

Overview : Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. CVE-2020-5832 [...]

Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.

Overview : Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3. MICROK8S - PRIVILEGE ESCALATION (CVE-2019-15789) Sep 10 2019 MicroK8s prior to v1.15.3 included a privilege escalation vulnerability, allowing a low privilege user to obtain [...]

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys.

Overview : Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. CVE-2020-7009 Elastic [...]

Cisco Security issues released

Overview : Cisco Aironet Access Points Unauthorized Access Vulnerability CWE-284 / CVE-2019-15260 A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. Cisco Wireless LAN Controller Secure Shell Denial of Service Vulnerability CWE-20 / CVE-2019-15262 A vulnerability in the Secure Shell […]

The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.

Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code. I Identified five security issues in Argo: one sensitive information [...]

Latest Security News about data center security privilege escalation