Quick Summary Apache Tomcat Manager Interface Exposed is a security misconfiguration where the Tomcat Manager web application is accessible without proper access control or is exposed to untrusted networks. This may allow attackers to deploy malicious WAR files, execute arbitrary…
Quick Summary Exposed Jenkins Service Without Proper Access Control is a critical misconfiguration where the Jenkins CI/CD server is accessible without authentication or with weak access restrictions. This may allow unauthorized users to view job configurations, access source code repositories,…
Quick Summary Kubernetes API Server Exposed Without Authentication is a critical misconfiguration where the Kubernetes control plane API is accessible without proper authentication or authorization controls. This allows unauthorized users to query cluster information, deploy workloads, access secrets, or potentially…
Quick Summary Open Docker API Port Without TLS is a critical misconfiguration where the Docker Remote API is exposed over TCP (commonly port 2375) without TLS encryption or authentication. This allows unauthenticated users to directly interact with the Docker daemon,…
Quick Summary Open Memcached Service Without Binding Restriction is a critical network misconfiguration where the Memcached service is exposed on all network interfaces without authentication or access control. This allows unauthorized users to read, modify, or flush cached data and…
