487 matches found
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Impact Authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything from a high severity risk to a very low risk. If access is...
Apache NiFi Registry Code Issue Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation in the United States. The system is primarily used for data routing, transformation, and system intermediary logic. NiFi Registry is one of the registries used to store and manage the versioning process. A...
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
Authentication flaw
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
CVE-2020-9482
CVE-2020-9482 affects NiFi Registry versions 0.1.0 to 0.5.0. The root cause is using an authentication mechanism other than PKI where, on logout, the server does not invalidate the token; only the client-side token is invalidated. As a result, the token may remain usable for up to 12 hours after ...
Improper Token Handling
Apache NiFi Registry is vulnerable to authentication bypass. During logout, any authentication mechanism other than PKI invalidates the token only on the client side and not on the server side, allowing the client to keep making API requests for up to 12 hours after logging out...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests, which can give an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
Information disclosure
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests, which can give an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
CVE-2019-4751
CVE-2019-4751 affects IBM Cloud App Management 2019.3.0 and 2019.4.0, where API requests reveal a stack trace that can disclose implementation details. This is an information-disclosure vulnerability stemming from stack traces exposed by the service. Affected versions: IBM Cloud App Management V2...
Security Bulletin: A vulnerability in IBM Cloud App Management reveals a stack trace on certain API requests (CVE-2019-4751)
Summary IBM Cloud App Management reveals a stack trace on certain API requests, which can give an attacker further information about the implementation of the offering. This vulnerability has been addressed by IBM Cloud App Management in a later version. Vulnerability Details CVEID: CVE-2019-4751...
Directory traversal
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with the permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete...
Cross-site request forgery (CSRF)
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...
CVE-2019-16513
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. CSRF can be used to send API requests...
CVE-2019-16513
ConnectWise Control (formerly ScreenConnect) 19.3.25270.7185 is affected by a CSRF issue that can be used to send API requests without user authorization. The root cause is CSRF in the web/API surface, enabling potentially unauthorized actions via forged requests. Concrete impact is partial to hi...
GHSA-FMQW-VQH5-CWQ9 Apache NiFi user log out issue
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...
Apache NiFi user log out issue
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...
CVE-2019-12421
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...