MEDIUM 4.4 CVE-2024-2689 Temporal Server Denial of Service in go.temporal.io/server
from 0, < 1.20.5, >= 1.21.0, < 1.21.6, >= 1.22.0-rc1, < 1.22.7
LOW 3.0 CVE-2023-3485 Insecure Default Authorization in Temporal Server
from 0, < 1.20.0
— Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint
from 0, < 1.28.4
— Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster
>= 1.30.0-143.0, < 1.30.3
— Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server
>= 1.24.0, < 1.27.4
— Temporal has an Incorrect Authorization vulnerability in go.temporal.io/server
from 0, < 1.27.4
— Temporal has an Incorrect Authorization vulnerability in go.temporal.io/server
from 0, < 1.27.4, >= 1.28.0, < 1.28.2, >= 1.29.0, < 1.29.2
— Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts in go.temporal.io/server
>= 1.24.0, < 1.27.4, >= 1.28.0, < 1.28.2, >= 1.29.0, < 1.29.2
— Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server
from 0, < 1.26.3
— Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server
from 0, < 1.26.3, >= 1.27.0-126.0, < 1.27.3, >= 1.28.0-129.0, < 1.28.1