Количество 12
Количество 12
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server ...
ROS-20260129-73-0027
Уязвимость python-kdcproxy
GHSA-crfg-8xhr-7q4w
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
RLSA-2025:21142
Important: python-kdcproxy security update
RLSA-2025:21140
Important: idm:DL1 security update
RLSA-2025:21139
Important: python-kdcproxy security update
ELSA-2025-22982
ELSA-2025-22982: python-kdcproxy security update (IMPORTANT)
ELSA-2025-21142
ELSA-2025-21142: python-kdcproxy security update (IMPORTANT)
ELSA-2025-21140
ELSA-2025-21140: idm:DL1 security update (IMPORTANT)
ELSA-2025-21139
ELSA-2025-21139: python-kdcproxy security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-59088 If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected. | CVSS3: 8.6 | 0% Низкий | 3 месяца назад |
 | CVE-2025-59088 If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected. | CVSS3: 8.6 | 0% Низкий | 3 месяца назад |
| CVE-2025-59088 If kdcproxy receives a request for a realm which does not have server ... | CVSS3: 8.6 | 0% Низкий | 3 месяца назад |
 | ROS-20260129-73-0027 Уязвимость python-kdcproxy | CVSS3: 8.6 | 0% Низкий | 11 дней назад |
| GHSA-crfg-8xhr-7q4w If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected. | CVSS3: 8.6 | 0% Низкий | 3 месяца назад |
 | RLSA-2025:21142 Important: python-kdcproxy security update | 3 месяца назад | ||
| RLSA-2025:21140 Important: idm:DL1 security update | 2 месяца назад | ||
| RLSA-2025:21139 Important: python-kdcproxy security update | 3 месяца назад | ||
| ELSA-2025-22982 ELSA-2025-22982: python-kdcproxy security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-21142 ELSA-2025-21142: python-kdcproxy security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-21140 ELSA-2025-21140: idm:DL1 security update (IMPORTANT) | 3 месяца назад | ||
| ELSA-2025-21139 ELSA-2025-21139: python-kdcproxy security update (IMPORTANT) | 3 месяца назад |
Уязвимостей на страницу