MidnightBSD

Advisories for kong

CVE-2012-6572 MEDIUM

Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kong inf08 6.x-1.6
kong inf08 6.x-1.0-beta2
kong inf08 6.x-1.x-dev
kong inf08 6.x-1.9
kong inf08 6.x-1.5
kong inf08 6.x-1.4
kong inf08 6.x-1.8
kong inf08 6.x-1.7
kong inf08 6.x-1.0-beta1
kong inf08 6.x-1.3
kong inf08 6.x-1.2
kong inf08 6.x-1.0
kong inf08 6.x-1.1
CVE-2020-35189 HIGH

The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. System using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
kong kong_alpine_docker_image *