Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rhcl: authpolicy callbacks result in denial of service in authorino severity
Vulnerability Description
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Red Hat Connectivity Link 资源管理错误漏洞
Vulnerability Description
Red Hat Connectivity Link是美国红帽(Red Hat)公司的一个Kubernetes 网络连接管理平台。 Red Hat Connectivity Link存在资源管理错误漏洞,该漏洞源于开发者可添加大量回调导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A