Tag: Security
Misconfigurations or vulnerabilities in authentication, authorization, or encryption.
| ID | Severity | Impact | Mitigation | Title | Description | Category | Technology | Tags |
|---|---|---|---|---|---|---|---|---|
| CRE-2025-0031 | Medium | 5/10 | 5/10 | Django returns DisallowedHost error for untrusted HTTP_HOST headers | Django applications may return a "DisallowedHost" error when receiving requests with an unrecognized or missing Host header. This typically occurs in production environments where reverse proxies, load balancers, or external clients send requests using an unexpected domain or IP address. Django blocks these requests unless the domain is explicitly listed in `ALLOWED_HOSTS`. | Framework Problems | django | Django, Disallowedhost, Configuration, Web, Security, Host Header, Public |
| CRE-2025-0043 | Medium | 4/10 | 2/10 | Grafana fails to load plugin due to missing signature | Grafana may reject custom or third-party plugins at runtime if they are not digitally signed. When plugin signature validation is enabled (default since Grafana 8+), unsigned plugins are blocked and logged as validation errors during startup or plugin loading. | Observability Problems | grafana | Grafana, Plugin, Validation, Signature, Configuration, Security, Known Issue, Public |
| CRE-2025-0044 | High | 9/10 | 1/10 | NGINX Config Uses Insecure TLS Ciphers | Detects NGINX configuration files that advertise obsolete and cryptographically weak ciphers (RC4-MD5, RC4-SHA, DES-CBC3-SHA). These ciphers are vulnerable to several well-known attacks, including BEAST, BAR-Mitzvah, Lucky-13, and statistical biases in RC4, placing any client-server communication at risk of interception or tampering. | Insecure Configuration | nginx | Nginx, Weak Ciphers, Security, Configuration, TLS, Known Issue, Public |
| CRE-2025-0045 | Medium | 4/10 | 4/10 | NATS Authorization Failure Detected | The NATS server has emitted an **Authorization Violation** log entry, meaning a client attempted to connect, publish, subscribe, or perform another operation for which it lacks permission. Intermittent violations often point to misconfiguration or start-up chaos. However, sustained or widespread violations can signal credential expiry or missing secrets. | Authorization Problems | nats | NATS, Security, Authorization, Public |
| CRE-2025-0046 | Medium | 4/10 | 4/10 | NATS Permissions Violation Detected | The NATS server has emitted a **Permission Violation** log entry, meaning a client attempted to publish or subscribe to a subject for which it lacks permission. | Authorization Problems | nats | NATS, Security, Authorization, Public |
| CRE-2025-0072 | Critical | 10/10 | 7/10 | Redis Out-Of-Memory → Persistence Crash → Replica/ACL Write Failures | Detects a cascade of critical Redis failure modes in a single session: Redis refuses writes when maxmemory is exceeded (OOM); the RDB snapshot (BGSAVE) fails (MISCONF) due to a simulated full disk; a replica refuses writes (READONLY); and an ACL denies a write (NOPERM). | In-Memory Database Problems | redis | Redis, Out of Memory, Persistence, RDB, MISCONF, READONLY, ACL, Security |