Trust

Security advisories

Coordinated disclosures and hardening notes. We publish once fixes are available, or earlier by mutual agreement with the reporter.

4 security advisories

ADV-2025-0004 • High

Auth bypass via misconfigured OIDC trust

18 Jul 2025 • CVE-2025-12345 • Multiple SaaS products with bring-your-own IdP

Improper audience (aud) checks allowed forged tokens to be accepted across tenants. Rotate client secrets, enforce audience validation against the tenant's registered client, and re-issue active sessions.
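The following is an added example, not the vendor's code, showing why a relying party that trusts several bring-your-own IdPs must pin both issuer and audience per tenant. The tenant registry, issuer URLs, keys and user names are constructed; tokens are HS256 JWTs built with the standard library so the file runs offline (a real deployment would verify RS256/ES256 signatures against the IdP's JWKS). The pre-fix verifier looks up the signing key by whatever `iss` the token claims and never checks `aud`, so any tenant that runs its own IdP can mint a token naming another tenant's user; the hardened verifier takes the tenant from the request context and requires signature, `iss` and `aud` to match that tenant's registration.

```python
"""Added example: audience/issuer pinning for a multi-tenant OIDC relying party."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed tenant registry: the IdP each tenant trusts, and the client_id
# (audience) that IdP must target when issuing tokens for this application.
TENANTS = {
    "acme": {"issuer": "https://idp.acme.example", "aud": "app-acme", "key": b"acme-shared-secret"},
    "evil": {"issuer": "https://idp.evil.example", "aud": "app-evil", "key": b"evil-shared-secret"},
}
# Reverse map used only by the vulnerable verifier: key chosen by the token's own `iss`.
KEY_BY_ISSUER = {t["issuer"]: t["key"] for t in TENANTS.values()}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(issuer: str, key: bytes, claims: dict) -> str:
    """Sign a compact JWT the way an IdP would (HS256 for the demo)."""
    header = {"alg": "HS256", "typ": "JWT"}
    now = int(time.time())
    body = {"iss": issuer, "iat": now, "exp": now + 300, **claims}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(body).encode())}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _verify_signature(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the HS256 signature and expiry check out, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    payload = json.loads(_b64url_decode(p))
    if payload.get("exp", 0) < time.time():
        return None
    return payload


def verify_vulnerable(token: str) -> Optional[str]:
    """Pre-fix behaviour: trust whichever registered issuer the token names, skip `aud`."""
    _, p, _ = token.split(".")
    claimed_iss = json.loads(_b64url_decode(p)).get("iss")
    key = KEY_BY_ISSUER.get(claimed_iss)
    if key is None:
        return None
    payload = _verify_signature(token, key)
    return payload["sub"] if payload else None


def verify_hardened(token: str, tenant: str) -> Optional[str]:
    """Fixed behaviour: the tenant comes from the request context (hostname, path,
    API key), never from the token. Signature, `iss` and `aud` must all match it."""
    cfg = TENANTS[tenant]
    payload = _verify_signature(token, cfg["key"])
    if payload is None or payload.get("iss") != cfg["issuer"]:
        return None
    aud = payload.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # RFC 7519: aud is a string or an array
    if cfg["aud"] not in auds:
        return None
    return payload["sub"]
```

A token minted by the `evil` tenant's IdP with `sub` set to an `acme` user is accepted by `verify_vulnerable` and rejected by `verify_hardened(token, "acme")`; a token from the genuine `acme` IdP but issued for a different client_id is likewise rejected only by the hardened path, which is the audience check the advisory asks operators to enforce.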

ADV-2025-0003 • Critical

RCE chain in legacy file converter

2 May 2025 • CVE-2025-10422, CVE-2025-10423 • On-prem converter 3.x

Chained deserialization and path traversal enabled code execution under the converter's service account. Upgrade to 3.4.2 or disable the converter.

ADV-2024-0011 • High

Privilege escalation via setuid helper

10 Nov 2024 • CVE-2024-9876 • Linux agent ≤ 2.9

Untrusted environment variables from the unprivileged caller were passed through to a setuid helper. Remove the setuid bit, or upgrade to 2.10.1, where the helper drops unsafe variables from its environment before doing anything else.
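Added example, not the agent's own code: the sanitisation a privileged helper should apply to its inherited environment at startup, written in Python for illustration (the real helper is a native binary, and the variables 2.10.1 actually strips are not listed in the advisory). The allowlist, the fixed `PATH`/`IFS` values and the dangerous-prefix list are the editor's assumptions, modelled on what dynamic loaders, shells and interpreters honour. The approach is allowlist-first: everything not explicitly permitted is dropped, and the prefix denylist only exists so that a future addition to the allowlist cannot quietly readmit something like `LD_PRELOAD`.

```python
"""Added example: environment sanitisation for a setuid helper (assumed lists)."""
import os
import re
from typing import Dict, Iterable, List

# Variables the helper needs, pinned to fixed values: a caller-chosen PATH or IFS
# decides which binaries a privileged process ends up executing.
SAFE_DEFAULTS: Dict[str, str] = {
    "PATH": "/usr/sbin:/usr/bin:/sbin:/bin",
    "IFS": " \t\n",
}

# Harmless variables the helper may accept from the caller (assumed for the demo).
PASSTHROUGH = {"LANG", "TZ", "TERM"}

# Prefixes that steer the dynamic loader or interpreter startup. Belt-and-braces:
# the allowlist already excludes them, but this guards later allowlist additions.
DANGEROUS_PREFIXES = (
    "LD_", "DYLD_", "GCONV_", "MALLOC_", "NLSPATH", "LOCALDOMAIN", "RES_OPTIONS",
    "HOSTALIASES", "TMPDIR", "SHELLOPTS", "BASH_ENV", "ENV", "PYTHON", "PERL",
    "RUBY", "NODE_",
)

# POSIX-style names only; rejects exported bash functions ("BASH_FUNC_x%%") and the like.
_NAME_RE = re.compile(r"^[A-Z_][A-Z0-9_]*$")


def _is_allowed(name: str, value: str) -> bool:
    if not _NAME_RE.match(name):
        return False
    if name.startswith(DANGEROUS_PREFIXES):
        return False
    if "\0" in value:  # cannot be a valid environ entry; treat as hostile
        return False
    return name in PASSTHROUGH


def sanitize_env(caller_env: Dict[str, str]) -> Dict[str, str]:
    """Build the environment the privileged code will run with: pinned defaults
    plus the allowlisted subset of what the caller supplied."""
    clean = dict(SAFE_DEFAULTS)
    for name, value in caller_env.items():
        if name in SAFE_DEFAULTS:
            continue  # caller may not override pinned values
        if _is_allowed(name, value):
            clean[name] = value
    return clean


def dropped_variables(caller_env: Dict[str, str]) -> List[str]:
    """Names the caller supplied that will not survive sanitisation (useful to log)."""
    kept = sanitize_env(caller_env)
    return sorted(n for n, v in caller_env.items() if kept.get(n) != v)


def exec_helper(argv: Iterable[str], caller_env: Dict[str, str] = None) -> None:
    """Replace the current process with argv under a sanitised environment.
    Only meaningful on a real system; never invoked by the tests below."""
    argv = list(argv)
    os.execve(argv[0], argv, sanitize_env(caller_env if caller_env is not None else dict(os.environ)))


if __name__ == "__main__":
    for name in dropped_variables(dict(os.environ)):
        print(f"dropping {name}")
    print(sanitize_env(dict(os.environ)))
```

Removing the setuid bit, the advisory's other remediation, is the stronger fix where the helper is not needed: no amount of environment scrubbing helps if the privileged code later trusts argv, cwd or open file descriptors it also inherited from the caller.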

ADV-2024-0007 • Medium

Excessive S3 permissions in backup pipeline

28 Jun 2024 • Backup runner role

Wildcard actions on the runner role allowed writes into buckets in other accounts. Scope the role to the actions and resources the pipeline actually uses, apply bucket policies that reject foreign writers, and rotate the role's credentials.
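Added example, not the vendor's pipeline configuration: the wildcard grant pattern the advisory describes next to a scoped replacement and a bucket policy that refuses writers from other accounts, plus a small linter that flags the wildcard pattern in any policy document. Account ID, bucket and statement names are constructed; `aws:ResourceAccount` and `aws:PrincipalAccount` are the standard IAM global condition keys, and the linter's heuristics (what counts as a write, how a bucket name is pulled from an ARN) are the editor's, tuned for S3 policies only.

```python
"""Added example: scoped S3 backup-runner policy and a wildcard linter."""
from typing import List

ACCOUNT = "111111111111"      # constructed account id
BUCKET = "example-backups"    # constructed bucket name

# Pre-fix shape: "the backup job needs S3" became s3:* on every resource. The role
# can write to any bucket, in any account, whose bucket policy trusts this principal.
BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BackupRunner", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Scoped replacement: only the calls the runner makes, only against the backup
# bucket, and writes only when that bucket belongs to our own account.
AFTER = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PutBackups", "Effect": "Allow",
         "Action": ["s3:PutObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"StringEquals": {"aws:ResourceAccount": ACCOUNT}}},
        {"Sid": "ListBackupBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": f"arn:aws:s3:::{BUCKET}"},
    ],
}

# Bucket-side control: the bucket itself denies PutObject from any principal
# outside the account, independent of what some role's identity policy allows.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyForeignWriters", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"StringNotEquals": {"aws:PrincipalAccount": ACCOUNT}}},
    ],
}


def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def _bucket_of(resource_arn: str) -> str:
    # "arn:aws:s3:::bucket/key" -> "bucket"; a bare "*" stays "*".
    return resource_arn.split(":::", 1)[-1].split("/", 1)[0]


def audit_policy(policy: dict) -> List[str]:
    """One finding per Allow statement that (a) uses a wildcard action, (b) names a
    bucket with a wildcard, or (c) grants writes without pinning aws:ResourceAccount."""
    findings: List[str] = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action!r}")
        for res in _as_list(stmt.get("Resource", [])):
            if "*" in _bucket_of(res):
                findings.append(f"{sid}: wildcard resource {res!r}")
        writes = [a for a in actions if a.split(":")[-1].startswith(("Put", "Delete", "*"))]
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if writes and "aws:ResourceAccount" not in equals:
            findings.append(f"{sid}: writes {writes} not pinned to account via aws:ResourceAccount")
    return findings


if __name__ == "__main__":
    for name, doc in (("BEFORE", BEFORE), ("AFTER", AFTER), ("BUCKET_POLICY", BUCKET_POLICY)):
        print(name, audit_policy(doc) or "clean")
```

Run against the pre-fix document the linter reports three findings on the single statement (wildcard action, wildcard resource, unpinned writes); the scoped role and the bucket policy come back clean. The bucket policy is the control that would have held even if the role had kept `s3:*`, which is why the advisory lists it alongside scoping.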