14 matches found
EUVD-2019-16862
Malware in sbrugna...
EUVD-2023-32291
Malicious code in bioql PyPI...
CVE-2023-28623
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...
CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
PYSEC-2024-158
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
DEBIAN-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
UBUNTU-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
Authentication Bypass
Overview djoser is a REST implementation of Django authentication system. Affected versions of this package are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid...
CVE-2023-28623 Unauthorized user can register an account in specific configurations in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend any aside of ZulipLDAPAuthBackend and EmailAuthBackend are the only ones enabled in AUTHENTICATIONBACKENDS in /etc/zulip/settings.py...
PT-2023-21856 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions prior to 6.2 Description: Zulip is an open-source team collaboration tool with unique topic-based threading. An attacker can create a new account in the organization with an arbitrary email address in their control that's not i...
OTRS ITSM 授权问题漏洞
OTRS ITSM is a suite of foundational solutions for IT service management organizations from OTRS Germany. The solution is based on ITIL best practices and provides management tools for request and fault management, problem management, change management and release management. A security...
CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...
CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...