593 matches found
CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...
CVE-2023-24030
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...
CVE-2023-33621
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...
CVE-2023-33621
CVE-2023-33621 concerns GL.iNET GL-AR750S-Ext firmware v3.215. The OpenVPN Server config file download issue causes the admin authentication token to be inserted into a GET request, leaving the token in browser history or access logs. This could allow a session-replay based bypass of authenticati...
PT-2023-24408 · Gl.Inet · Gl-Ar750S-Ext
Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR750S-Ext firmware version 3.215 Description: The issue concerns the insertion of the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. This token is then left in the browser history ...
Collabora CODE / Collabora Online < 4.2.20 / 5.x < 6.4.16 XSS Vulnerability
Collabora CODE Collabora Online Development Edition and Collabora Online are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SUSE CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
CVE-2023-1387
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option disabled by default, a...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
PT-2023-18794 · Tigergraph · Tigergraph Enterprise Free Edition
Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: An issue was discovered where an authentication token for internal system use is created and can be read from the configuration file. Using this token on the REST API provides an...
CVE-2023-22951
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...
SUSE CVE-2006-7108
login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...
SUSE CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...
CVE-2022-43755 Rancher: Non-random authentication token
A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2023-22495 Izanami is vulnerable to Authorization Bypass
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...
CVE-2022-46156
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...
Tribal Systems Zenario CMS vulnerable to Session Fixation
Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier authentication token is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active...
PT-2022-27773 · Grafana · Synthetic Monitoring Agent For Grafana
Name of the Vulnerable Software and Affected Versions: Synthetic Monitoring Agent for Grafana versions prior to 0.12.0 Description: The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets...
FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions of Grafana for...
CVE-2022-31689
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...