LAYER: meta-agl-demo
PACKAGE NAME: dashboard
PACKAGE VERSION: 2.0+git
CVE: CVE-2018-18264
CVE STATUS: Patched
CVE SUMMARY: Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18264

LAYER: meta-agl-demo
PACKAGE NAME: dashboard
PACKAGE VERSION: 2.0+git
CVE: CVE-2018-25063
CVE STATUS: Patched
CVE SUMMARY: A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The identifier of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25063

LAYER: meta-agl-demo
PACKAGE NAME: dashboard
PACKAGE VERSION: 2.0+git
CVE: CVE-2020-29654
CVE STATUS: Unpatched
CVE SUMMARY: Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29654

LAYER: meta-agl-demo
PACKAGE NAME: dashboard
PACKAGE VERSION: 2.0+git
CVE: CVE-2021-27523
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27523

LAYER: meta-agl-demo
PACKAGE NAME: dashboard
PACKAGE VERSION: 2.0+git
CVE: CVE-2021-30144
CVE STATUS: Patched
CVE SUMMARY: The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30144