Monthly
Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Content Security Policy weakness in HCL Hive Telco Observability's Keycloak authentication component allows remote attackers to leverage missing CSP directives for client-side attacks against authenticated users. The CVSS 8.1 (AV:N/AC:L/PR:N/UI:R) rating reflects high confidentiality and integrity impact contingent on user interaction, with no public exploit identified at time of analysis. The flaw resides in the web application's browser security headers rather than server-side logic.
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.