Описание
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:twistlock:authz_broker:0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 46%
0.00237
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
EPSS
Процентиль: 46%
0.00237
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo