Title: CVE-2022-36089 | KubeVela up to 1.4.10/1.5.3 VelaUX APIServer getSystemInfo platformID authentication replay (GHSA-cq42-w295-r29q) Description: A vulnerability was found in KubeVela up to 1.4.10/1.5.3. It has been rated as critical. Affected by this issue is the function getSystemInfo of the component VelaUX APIServer. The manipulation of the argument platformID leads to authentication bypass by capture-replay.
Link:
https://vuldb.com/?id.208106
Thu, 08 Sep 2022 10:53:20 +0200
--- The information is for informational purposes only.
* Origin: Read us with
http://winpoint.org/ (2:467/888.88)