Activity log
- Created suggestion
Improper Access Control in github.com/ctfer-io/monitoring
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. This vulnerability is fixed in 0.2.1.
References
-
https://github.com/ctfer-io/monitoring/security/advisories/GHSA-7x23-j8gv-v54x x_refsource_CONFIRM
Affected products
- ==< 0.2.1
Matching in nixpkgs
pkgs.monitoring-plugins
Official monitoring plugins for Nagios/Icinga/Sensu and others
pkgs.perlPackages.MonitoringPlugin
A family of perl modules to streamline writing Naemon, Nagios, Icinga or Shinken (and compatible) plugins
pkgs.perl5Packages.MonitoringPlugin
A family of perl modules to streamline writing Naemon, Nagios, Icinga or Shinken (and compatible) plugins
pkgs.haskellPackages.gogol-monitoring
Google Stackdriver Monitoring SDK
pkgs.perl538Packages.MonitoringPlugin
A family of perl modules to streamline writing Naemon, Nagios, Icinga or Shinken (and compatible) plugins
pkgs.perl540Packages.MonitoringPlugin
A family of perl modules to streamline writing Naemon, Nagios, Icinga or Shinken (and compatible) plugins
pkgs.python312Packages.google-cloud-monitoring
Stackdriver Monitoring API client library
pkgs.python313Packages.google-cloud-monitoring
Stackdriver Monitoring API client library
pkgs.python314Packages.google-cloud-monitoring
Stackdriver Monitoring API client library
pkgs.home-assistant-component-tests.victron_remote_monitoring
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.victron_remote_monitoring
Open source home automation that puts local control and privacy first
Package maintainers
-
@relrod Ricky Elrod <ricky@elrod.me>
-
@thoughtpolice Austin Seipp <aseipp@pobox.com>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>