4 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the attribute handling logic in restHandler/AttributesRestHandlder.go, which is accessible over the /attributes endpoint with /orchestrator/attributes?key=apiTokenSecret. A user can obtain the global API Token...
PT-2026-6317
Name of the Vulnerable Software and Affected Versions Devtron versions prior to 2.0.0 Description Devtron is a tool integration platform for Kubernetes. A flaw exists in the Attributes API interface that allows authenticated users to obtain the global API Token signing key by accessing the...
CVE-2025-13881
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...