Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for keti by eclipse

    CVE-2021-32835 (GCVE-0-2021-32835)

    Vulnerability from cvelistv5 – Published: 2021-09-09 01:50 – Updated: 2024-08-03 23:33
    VLAI
    Title
    Groovy Sandbox escape in Eclipse Keti
    Summary
    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
    Severity
    No CVSS data available.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Vendor Product Version
    eclipse keti Affected: <= a1c8dbe
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:33:56.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "keti",
              "vendor": "eclipse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= a1c8dbe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T01:50:11.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
            }
          ],
          "source": {
            "advisory": "GHSL-2021-063",
            "discovery": "INTERNAL"
          },
          "title": "Groovy Sandbox escape in Eclipse Keti",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-32835",
              "STATE": "PUBLIC",
              "TITLE": "Groovy Sandbox escape in Eclipse Keti"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "keti",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= a1c8dbe"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "eclipse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693 Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/",
                  "refsource": "CONFIRM",
                  "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
                }
              ]
            },
            "source": {
              "advisory": "GHSL-2021-063",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-32835",
        "datePublished": "2021-09-09T01:50:11.000Z",
        "dateReserved": "2021-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:33:56.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32834 (GCVE-0-2021-32834)

    Vulnerability from cvelistv5 – Published: 2021-09-09 01:50 – Updated: 2024-08-03 23:33
    VLAI
    Title
    Arbitrary Groovy script evaluation in Eclipse Keti
    Summary
    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    eclipse keti Affected: <= a1c8dbe
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:33:55.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "keti",
              "vendor": "eclipse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= a1c8dbe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T01:50:09.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
            }
          ],
          "source": {
            "advisory": "GHSL-2021-063",
            "discovery": "INTERNAL"
          },
          "title": "Arbitrary Groovy script evaluation in Eclipse Keti",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-32834",
              "STATE": "PUBLIC",
              "TITLE": "Arbitrary Groovy script evaluation in Eclipse Keti"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "keti",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= a1c8dbe"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "eclipse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/",
                  "refsource": "CONFIRM",
                  "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
                }
              ]
            },
            "source": {
              "advisory": "GHSL-2021-063",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-32834",
        "datePublished": "2021-09-09T01:50:10.000Z",
        "dateReserved": "2021-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:33:55.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32835 (GCVE-0-2021-32835)

    Vulnerability from nvd – Published: 2021-09-09 01:50 – Updated: 2024-08-03 23:33
    VLAI
    Title
    Groovy Sandbox escape in Eclipse Keti
    Summary
    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
    Severity
    No CVSS data available.
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    Impacted products
    Vendor Product Version
    eclipse keti Affected: <= a1c8dbe
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:33:56.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "keti",
              "vendor": "eclipse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= a1c8dbe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection Mechanism Failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T01:50:11.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
            }
          ],
          "source": {
            "advisory": "GHSL-2021-063",
            "discovery": "INTERNAL"
          },
          "title": "Groovy Sandbox escape in Eclipse Keti",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-32835",
              "STATE": "PUBLIC",
              "TITLE": "Groovy Sandbox escape in Eclipse Keti"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "keti",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= a1c8dbe"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "eclipse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-693 Protection Mechanism Failure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/",
                  "refsource": "CONFIRM",
                  "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
                }
              ]
            },
            "source": {
              "advisory": "GHSL-2021-063",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-32835",
        "datePublished": "2021-09-09T01:50:11.000Z",
        "dateReserved": "2021-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:33:56.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32834 (GCVE-0-2021-32834)

    Vulnerability from nvd – Published: 2021-09-09 01:50 – Updated: 2024-08-03 23:33
    VLAI
    Title
    Arbitrary Groovy script evaluation in Eclipse Keti
    Summary
    Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    eclipse keti Affected: <= a1c8dbe
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:33:55.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "keti",
              "vendor": "eclipse",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= a1c8dbe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-09T01:50:09.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
            }
          ],
          "source": {
            "advisory": "GHSL-2021-063",
            "discovery": "INTERNAL"
          },
          "title": "Arbitrary Groovy script evaluation in Eclipse Keti",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2021-32834",
              "STATE": "PUBLIC",
              "TITLE": "Arbitrary Groovy script evaluation in Eclipse Keti"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "keti",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c= a1c8dbe"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "eclipse"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/",
                  "refsource": "CONFIRM",
                  "url": "https://securitylab.github.com/advisories/GHSL-2021-063-eclipse-keti/"
                }
              ]
            },
            "source": {
              "advisory": "GHSL-2021-063",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-32834",
        "datePublished": "2021-09-09T01:50:10.000Z",
        "dateReserved": "2021-05-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:33:55.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }