![]() ![]() DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. ![]() Affected Docker Desktop versions: from 4.13.0 before 4.23.0.ĭataHub is an open-source metadata platform. ![]() This issue has been fixed in Docker Desktop 4.23.0. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.ĭocker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |