-
Notifications
You must be signed in to change notification settings - Fork 150
Security: uselagoon/lagoon
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Potential for "Maintainer" users to assign "Owner" roles inside their groupsGHSA-75pm-pmwq-gg2c published
Jul 4, 2023 by tobybellwoodModerate -
Insertion of Sensitive Information into log file by lagoon-coreGHSA-hcvj-w4g2-4q2x published
Oct 10, 2022 by tobybellwoodHigh -
Improper creation of OpenDistro/OpenSearch index role permissions by the Lagoon APIGHSA-7jj3-wwp7-989p published
May 18, 2022 by tobybellwoodModerate -
Keycloak configured with empty client secretGHSA-jr7f-g7p4-v985 published
Apr 11, 2022 by tobybellwoodCritical -
Lagoon audit logs expose bearer tokens for transactionsGHSA-337r-w6qg-2398 published
Oct 1, 2021 by tobybellwoodHigh -
Credentials stored in lagoon api environment variables exposed in logsGHSA-v25f-78mj-cvv5 published
Oct 1, 2021 by tobybellwoodModerate -
Lagoon API doesn't always check that a user has permission to view project private keyGHSA-crwh-7mmw-pv2q published
May 10, 2022 by tobybellwoodModerate