Lucene search

1080 matches found

NVD · added 2020/10/07 2:15 p.m. · 12 views

CVE-2020-13346

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API...

CVSS 6.5 · EPSS 0.01319
Exploits 0 · References 3
OSV · added 2020/09/22 3:15 p.m. · 1 view

CVE-2020-24333

A vulnerability in Arista’s CloudVision Portal CVP prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API...

CVSS 6.5 · AI score 6.6 · EPSS 0.00835
Exploits 1 · References 2
OSV · added 2020/09/16 8:15 p.m. · 3 views

CVE-2020-14517

Protocol encryption can be easily broken for CodeMeter (all versions prior to 6.90 are affected, including Version 6.90 or newer only if CodeMeter Runtime is running as server and the server accepts external connections), which may allow an attacker to remotely communicate with the CodeMeter API...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 1
Positive Technologies · added 2020/09/14 12:00 a.m. · 1 view

PT-2020-13425 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10; GitLab versions prior to 13.2.8; GitLab versions prior to 13.3.4
Description: A vulnerability was discovered in GitLab related to API authorization using outdated CI job tokens.
Recommendations: For versions...

CVSS 6.5 · AI score 6 · EPSS 0.01095
Exploits 0 · References 10
Hacker One · added 2020/08/28 5:23 a.m. · 121 views

New Relic: Getting API access key Through Introspection query Graphql

The introspection query should only be allowed internally and should not be allowed to the general public. If we can fetch the entire back-end API documentation and calls available on a server, then that can be very dangerous in many cases; what if we could get our hands on some API calls only mean...

AI score 6.6
Exploits 0
NVD · added 2020/07/21 2:15 p.m. · 20 views

CVE-2020-12432

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...

CVSS 6.1 · AI score 6.1 · EPSS 0.00866
Exploits 1 · References 2
Prion · added 2020/07/21 2:15 p.m. · 15 views

Improper access control

The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtai...

CVSS 4.3 · AI score 6 · EPSS 0.00866
Exploits 1 · References 2 · Affected Software 1
CVE · added 2020/07/21 1:39 p.m. · 54 views

CVE-2020-12432

Summary: CVE-2020-12432 affects Collabora CODE/WOPI integration used by Vereign Collabora CODE up to version 4.2.2. The vulnerability arises from improper restriction of JavaScript delivery to a user’s browser and weak MIME-type access control, enabling cross-site scripting that can steal credent...

CVSS 6.1 · AI score 6 · EPSS 0.00866
Exploits 1 · References 2 · Affected Software 1
Positive Technologies · added 2020/06/26 12:00 a.m. · 3 views

PT-2020-14372 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1
Description: The issue is related to the use of the GET request method with sensitive query strings for /cnr requests. This could potentially expose sensitive information.
Recommendations: F...

CVSS 5.3 · AI score 5.1 · EPSS 0.00759
Exploits 1 · References 4
CNVD · added 2020/06/22 12:00 a.m. · 2 views

Mattermost Server Information Disclosure Vulnerability (CNVD-2020-35465)

Mattermost Server is an open-source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.0.0. An attacker can use the API to exploit the vulnerability and obtain sensitive information about a team's URL...

CVSS 5.3 · AI score 6.4 · EPSS 0.0092
Exploits 0 · References 1
Positive Technologies · added 2020/06/19 12:00 a.m. · 5 views

PT-2020-8462

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2; Mattermost Server versions prior to 3.7.5; Mattermost Server versions prior to 3.6.7
Description: The issue concerns API endpoint access control not honoring an integration permission restriction...

CVSS 9.9 · AI score 5.9 · EPSS 0.27661
Exploits 44 · References 117
CNVD · added 2020/06/16 12:00 a.m. · 7 views

ConnectWise Automate SQL Injection Vulnerability

ConnectWise Automate is a cloud-based and on-premises IT automation solution from ConnectWise (USA). The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate. An attacker could leverage the Automate API to...

CVSS 8.8 · AI score 7 · EPSS 0.01932
Exploits 0 · References 1
CNVD · added 2020/06/11 12:00 a.m. · 3 views

Unspecified Vulnerability in GitLab (CNVD-2020-63394 )

GitLab is a self-hosted Git repository management application, developed in Ruby on Rails, from the American company GitLab. It provides access to a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...

CVSS 8.8 · AI score 6.7 · EPSS 0.01412
Exploits 0 · References 1
Akamai Blog · added 2020/06/10 7:34 p.m. · 31 views

Mitigating Credential Stuffing Attacks in the Financial Sector

If You Think Multi-Factor Authentication Prevents Credential Stuffing, Think Again! Financial services firms around the world are experiencing credential stuffing attacks at an alarming rate. Cybercriminals are using readily available automation tools, botnets, and compromised account credentials...

AI score 0.6
Exploits 0
Hacker One · added 2020/06/10 5:14 a.m. · 225 views

h1-ctf: [H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool

H1-2006 CTF Writeup F859938 Summary: Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of...

AI score 7.4
Exploits 0
Positive Technologies · added 2020/06/10 12:00 a.m. · 2 views

PT-2020-13411 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 through 13.0.1
Description: A missing permission check on fork relation creation in GitLab CE/EE allows guest users to create a fork relation on restricted public projects via the API.
Recommendations: For GitLab...

CVSS 8.8 · AI score 8.3 · EPSS 0.01412
Exploits 0 · References 11
Drupal · added 2020/06/03 12:00 a.m. · 5 views

Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022

This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module's taxonomy term index resource doesn't take into account certain access control tags that are provided but unused by core and that certain contrib modules depend on. This...

AI score 7
Exploits 0 · References 5
OSV · added 2020/05/24 6:04 p.m. · 4 views

MGASA-2020-0220 Updated glpi packages fix security vulnerabilities

Updated glpi packages fix security vulnerabilities: In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on the User itemtype will have access to the full list of users when querying apirest.php/User. The response contains: - All apitokens which can be used to do privileges...

CVSS 9.3 · AI score 6.7 · EPSS 0.07608
Exploits 1 · References 7
NVD · added 2020/05/20 2:15 p.m. · 18 views

CVE-2020-3956

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

CVSS 8.8 · AI score 8.9 · EPSS 0.211
Exploits 11 · References 4
Prion · added 2020/05/20 2:15 p.m. · 21 views

Remote code execution

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...

CVSS 6.5 · AI score 8.8 · EPSS 0.211
Exploits 11 · References 4 · Affected Software 1