5 matches found
CVE-2023-21408 Insufficient file permissions leak user credentials of 3rd party integration interfaces in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems...
CVE-2023-21408 Insufficient file permissions leak user credentials of 3rd party integration interfaces in AXIS License Verifier ACAP
Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems...
CVE-2023-21408
CVE-2023-21408: The description indicates an issue of insufficient file permissions that could let unprivileged users access unencrypted credentials used by the integration interface to third-party systems. The provided metrics show a high to critical impact (confidentiality, integrity, availabil...
HackerOne: Reflected XSS and possible SSRF/XXE on https://events.hackerone.com/conferences/get_recording_slides_xml.xml?url=myserver/xss.xml
@nagli found a reflected Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and XML External Entity (XXE) vulnerability in a 3rd party vendor that was used by HackerOne. This system did not contain any data related to reports submitted and stored on hackerone.com. HackerOne worked with the...
HackerOne: Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io
@nagli found an open redirect vulnerability in a 3rd party vendor that was used by HackerOne. This system did not contain any data related to reports submitted and stored on hackerone.com. HackerOne worked with the vendor to remediate the vulnerability. The report is partially disclosed to...