Lucene search

K

Cve-services Security Vulnerabilities

cve
cve

CVE-2022-31004

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were...

7.5CVSS

7.5AI Score

0.002EPSS

2022-06-02 02:15 PM
566
2
cve
cve

CVE-2022-24875

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software......

7.5CVSS

7.5AI Score

0.001EPSS

2022-04-21 06:15 PM
624
cve
cve

CVE-2021-46561

controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new...

7.2CVSS

6.9AI Score

0.001EPSS

2022-01-26 06:15 PM
28