593 matches found

Cvelist
added 2023/06/27 2:30 p.m. · 19 views

CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVSS 4.6 · AI score 5 · EPSS 0.00245
Exploits 0 · References 1
OSV
added 2023/06/15 9:15 p.m. · 22 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVSS 6.1 · AI score 6.4
Exploits 0 · References 2
NVD
added 2023/06/13 4:15 p.m. · 20 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

CVSS 5.9 · AI score 5.9 · EPSS 0.00953
Exploits 1 · References 3
CVE
added 2023/06/13 12:00 a.m. · 44 views

CVE-2023-33621

CVE-2023-33621 concerns GL.iNET GL-AR750S-Ext firmware v3.215. The OpenVPN Server config file download issue causes the admin authentication token to be inserted into a GET request, leaving the token in browser history or access logs. This could allow a session-replay based bypass of authenticati...

CVSS 5.9 · AI score 5.9 · EPSS 0.00953
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/06/13 12:00 a.m. · 6 views

PT-2023-24408 · Gl.Inet · Gl-Ar750S-Ext

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR750S-Ext firmware version 3.215 Description: The issue concerns the insertion of the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. This token is then left in the browser history ...

CVSS 5.9 · AI score 5.8 · EPSS 0.00953
Exploits 1 · References 4
OpenVAS
added 2023/05/23 12:00 a.m. · 20 views

Collabora CODE / Collabora Online < 4.2.20 / 5.x < 6.4.16 XSS Vulnerability

Collabora CODE (Collabora Online Development Edition) and Collabora Online are prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 8.2 · AI score 6.1 · EPSS 0.00646
Exploits 0 · References 1
SUSE CVE
added 2023/04/28 1:57 a.m. · 3 views

SUSE CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option (disabled by default), a...

CVSS 4.2 · AI score 9.6 · EPSS 0.01504
Exploits 1 · References 9
NVD
added 2023/04/26 2:15 p.m. · 16 views

CVE-2023-1387

Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter authtoken and use it as the authentication token. By enabling the "urllogin" configuration option (disabled by default), a...

CVSS 7.5 · AI score 5.8 · EPSS 0.01504
Exploits 1 · References 3
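The GL.iNET (CVE-2023-33621) and Grafana (CVE-2023-1387) entries above share one root cause: a bearer credential is carried in a GET query string, so it ends up in browser history and in web-server access logs, where anyone who can read the log can replay it. The following is an added example, not code from either project, that scans combined-format access log lines for credential-bearing query parameters and reports them with the value redacted. The parameter-name list, the JWT shape heuristic and the sample log lines are constructed for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Query-string parameter names that commonly carry a bearer credential.
# This list is an assumption for the example; extend it for the applications you run.
TOKEN_PARAMS = {"token", "authtoken", "auth_token", "access_token",
                "api_key", "apikey", "jwt", "sid", "session", "sessionid"}

# A value shaped like a JWT (three base64url segments) is flagged whatever its parameter name.
JWT_RE = re.compile(r"^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$")

# Common/combined log format: client ident user [time] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def find_token_params(target):
    """Return [(name, value)] for query parameters in a request target that look like credentials."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query):
        if name.lower() in TOKEN_PARAMS or JWT_RE.match(value):
            hits.append((name, value))
    return hits


def redact(value):
    """Keep only enough of the value to correlate findings; never write the whole credential out again."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def scan_log(lines):
    """Return one finding per credential-bearing query parameter seen in the access log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in find_token_params(m["target"]):
            findings.append({
                "client": m["client"],
                "time": m["time"],
                "method": m["method"],
                "path": urlsplit(m["target"]).path,
                "param": name,
                "value": redact(value),
            })
    return findings


# Constructed sample lines for the example; hosts, paths and token values are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Jun/2023:10:01:02 +0000] "GET /export/openvpn.ovpn?token=0123456789abcdef0123456789abcdef HTTP/1.1" 200 4213',
    '10.0.0.7 - - [26/Apr/2023:11:22:33 +0000] "GET /d/abc123/overview?authtoken=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJlc2lnbmF0dXJl HTTP/1.1" 200 1024',
    '10.0.0.9 - - [26/Apr/2023:11:23:00 +0000] "GET /search?q=token+rotation HTTP/1.1" 200 512',
    '10.0.0.9 - - [26/Apr/2023:11:23:05 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Two of the four constructed lines produce findings (the OpenVPN config download with `token=` and the dashboard request with a JWT in `authtoken=`); the search query and the POST do not. The same check belongs in the application itself: a handler that accepts a credential from the query string should also be made to accept it only from a header or POST body, since the log and history exposure exists whether or not the scanner is run.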
NVD
added 2023/04/13 8:15 p.m. · 22 views

CVE-2023-22951

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...

CVSS 8.8 · AI score 8.7 · EPSS 0.00827
Exploits 1 · References 2
Positive Technologies
added 2023/04/13 12:00 a.m. · 5 views

PT-2023-18794 · Tigergraph · Tigergraph Enterprise Free Edition

Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: An issue was discovered where an authentication token for internal system use is created and can be read from the configuration file. Using this token on the REST API provides an...

CVSS 8.8 · AI score 8.7 · EPSS 0.00827
Exploits 1 · References 4
Vulnrichment
added 2023/04/13 12:00 a.m. · 7 views

CVE-2023-22951

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...

AI score 7 · EPSS 0.00827
Exploits 1 · References 2
SUSE CVE
added 2023/02/15 6:13 a.m. · 4 views

SUSE CVE-2006-7108

login in util-linux-2.12a skips pam_acct_mgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauthtok...

CVSS 4.1 · AI score 7.1 · EPSS 0.00337
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:50 a.m. · 3 views

SUSE CVE-2020-36382

OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...

CVSS 7.5 · AI score 7.7 · EPSS 0.01891
Exploits 0 · References 3
Vulnrichment
added 2023/02/07 12:00 a.m. · 8 views

CVE-2022-43755 Rancher: Non-random authentication token

An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing it even after the token was renewed. This issue affects: SUSE Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...

CVSS 7.1 · AI score 7 · EPSS 0.0172
Exploits 0 · References 1
Vulnrichment
added 2023/01/14 12:47 a.m. · 9 views

CVE-2023-22495 Izanami is vulnerable to Authorization Bypass

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

CVSS 9.8 · AI score 9.8 · EPSS 0.01147
Exploits 1 · References 2
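The Izanami entry above describes a JWT signed with a secret that is hard-coded into the published Docker image. The consequence is general: whoever knows the HMAC key of an HS256 token can mint a token with any claims the application trusts, and the application cannot tell it from a genuine one. The block below is an added example, not Izanami's code, that implements HS256 minting and verification with the standard library, shows the forgery succeeding against a service that still uses the shipped secret and failing once the deployment generates its own. The secret value, claim names and role check are assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import time
import json


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims, secret):
    """Produce a compact HS256 JWT over `claims`, signed with `secret`."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token, secret, now=None):
    """Return the claims if the token is well-formed, HS256-signed with `secret` and unexpired; else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
    except (ValueError, binascii.Error):
        return None
    if header.get("alg") != "HS256":          # refuse "none" and algorithm-confusion headers
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time comparison
        return None
    try:
        claims = json.loads(b64url_decode(p))  # parse the payload only after the MAC checks out
    except (ValueError, binascii.Error):
        return None
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        return None
    return claims


# A signing secret baked into a published image is known to everyone who can pull the image.
# Constructed value for this example; not any real product's key.
SHIPPED_DEFAULT_SECRET = b"changeme-image-default"


def forge_admin_token(known_secret):
    """The attacker's move once the secret is known: mint whatever claims the application trusts."""
    return mint_hs256({"sub": "attacker", "role": "admin", "exp": 4102444800}, known_secret)


def attack_succeeds(service_secret):
    """True if a token forged under the shipped default is accepted by a service keyed with `service_secret`."""
    claims = verify_hs256(forge_admin_token(SHIPPED_DEFAULT_SECRET), service_secret)
    return claims is not None and claims.get("role") == "admin"


def generate_deployment_secret():
    """The fix: a per-deployment secret injected at start-up and never committed to the image."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    print("shipped secret ->", "FORGED TOKEN ACCEPTED" if attack_succeeds(SHIPPED_DEFAULT_SECRET) else "rejected")
    print("rotated secret ->", "FORGED TOKEN ACCEPTED" if attack_succeeds(generate_deployment_secret()) else "rejected")
```

Note that the verifier is otherwise sound: it pins the algorithm, compares the MAC in constant time and checks `exp`. None of that helps when the key itself is public, which is why the only fix for this class of issue is to refuse to start with the shipped default and require a deployment-specific secret.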
NVD
added 2022/11/30 10:15 p.m. · 32 views

CVE-2022-46156

The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token...

CVSS 7.2 · EPSS 0.00473
Exploits 0 · References 6
Github Security Blog
added 2022/11/30 12:30 p.m. · 33 views

Tribal Systems Zenario CMS vulnerable to Session Fixation

Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user logs out and logs in again when the "Remember me" option is active...

CVSS 5.4 · AI score 6.1 · EPSS 0.00443
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/11/30 12:00 a.m. · 4 views

PT-2022-27773 · Grafana · Synthetic Monitoring Agent For Grafana

Name of the Vulnerable Software and Affected Versions: Synthetic Monitoring Agent for Grafana versions prior to 0.12.0 Description: The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets...

CVSS 7.2 · AI score 9.6 · EPSS 0.00473
Exploits 0 · References 14
Tenable Nessus
added 2022/11/13 12:00 a.m. · 33 views

FreeBSD : Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (6f6c9420-6297-11ed-9ca2-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 6f6c9420-6297-11ed-9ca2-6c3be5272acd advisory. - Grafana is an open source observability and data visualization platform. Versions of Grafana for...

CVSS 7.5 · AI score 7.9 · EPSS 0.00964
Exploits 0 · References 3
Vulnrichment
added 2022/11/09 12:00 a.m. · 4 views

CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...

AI score 9.5 · EPSS 0.00824
Exploits 0 · References 1
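The Zenario CMS (above, with the "Remember me" logout-and-login cycle) and VMware Workspace ONE Assist (CVE-2022-31689) entries are both session fixation: a session identifier handed out before authentication keeps its value after login, so an attacker who planted that identifier in the victim's browser now holds an authenticated session. The block below is an added example, not code from either product, that models a minimal server-side session store with the vulnerable login/logout pair beside the hardened one and runs the attack against each. The store layout, handler names and the "victim" user are assumptions for the example; how the attacker gets the identifier into the victim's browser is application-specific and is not modelled.

```python
import secrets


class SessionStore:
    """Minimal server-side session store keyed by the cookie value."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "remember_me": False}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


# Vulnerable pattern: authentication state is written into whatever session the browser
# presented, and logout only clears the user while keeping the identifier alive.
def login_without_rotation(store, sid, user, remember_me=False):
    sess = store.get(sid)
    if sess is None:
        sid = store.create()
        sess = store.get(sid)
    sess["user"] = user
    sess["remember_me"] = remember_me
    return sid


def logout_keep_session(store, sid):
    sess = store.get(sid)
    if sess is not None:
        sess["user"] = None


# Hardened pattern: every successful login discards the presented session and issues a fresh
# identifier; logout destroys the server-side record so the old cookie value is worthless.
def login_with_rotation(store, sid, user, remember_me=False):
    store.destroy(sid)
    new_sid = store.create()
    sess = store.get(new_sid)
    sess["user"] = user
    sess["remember_me"] = remember_me
    return new_sid


def logout_destroy_session(store, sid):
    store.destroy(sid)


def attacker_sees_victim(store, sid):
    """The attacker presents the identifier they planted and checks whether it is now the victim's session."""
    sess = store.get(sid)
    return sess is not None and sess["user"] == "victim"


def fixation_attack_succeeds(login, logout):
    """Run the fixation attack against an application built from the given login/logout handlers."""
    store = SessionStore()
    planted = store.create()   # attacker obtains a pre-auth identifier simply by visiting the site
    sid = login(store, planted, "victim", remember_me=True)
    hijacked = attacker_sees_victim(store, planted)
    # Zenario-style variant: the victim logs out and back in; an identifier that is never
    # rotated stays bound to the planted value through this cycle as well.
    logout(store, sid)
    login(store, sid, "victim", remember_me=True)
    return hijacked or attacker_sees_victim(store, planted)


if __name__ == "__main__":
    print("no rotation     ->", "HIJACKED" if fixation_attack_succeeds(login_without_rotation, logout_keep_session) else "safe")
    print("rotate on login ->", "HIJACKED" if fixation_attack_succeeds(login_with_rotation, logout_destroy_session) else "safe")
```

The check worth keeping from this is the one inside `fixation_attack_succeeds`: capture the session cookie before login, log in, and assert that the value the server now honours is different and that the pre-login value no longer resolves to a session. The same assertion after a logout/login cycle covers the "Remember me" variant.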