21 matches found
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the api/v1/ingestionPipelines endpoint, which exposes JWT tokens used by privileged bot accounts in API responses. An attacker can gain unauthorized access to sensitive data and...
The Impact of Robotic Process Automation (RPA) on Identity and Access Management
As enterprises refine their strategies for handling Non-Human Identities NHIs, Robotic Process Automation RPA has become a powerful tool for streamlining operations and enhancing security. However, since RPA bots have varying levels of access to sensitive information, enterprises must be prepared...
EUVD-2023-26641
Malicious code in bioql PyPI...
EUVD-2022-49214
Malicious code in bioql PyPI...
SUSE CVE-2025-2571
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
CVE-2025-2571
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
GHSA-8CGX-9CCJ-3GWR Mattermost fails to clear Google OAuth credentials
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
CVE-2025-2571
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
CVE-2025-2571
Mattermost server versions 9.11.x <= 9.11.12, 10.5.x <= 10.5.3, 10.6.x <= 10.6.2, and 10.7.x
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
CVE-2025-2571 Google OAuth Authentication Bypass for Converted Bot Accounts
Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow...
PT-2025-23307 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.12 Mattermost versions 10.5.x through 10.5.3 Mattermost versions 10.6.x through 10.6.2 Mattermost versions 10.7.x through 10.7.0 Description: The issue arises when Mattermost fails to clear Google OAuth...
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
BIT-MASTODON-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security vulnerability was found in Jira Service Management Server and Data Center versions 5.3.0 to 5.5.0 which allows an attacker to access a Jira Service Management instance by impersonating...
CVE-2023-22501
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled...
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
Code injection
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service large Sidekiq pull queue by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
PT-2022-27857 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions through 4.0.2 Description: The issue allows attackers to cause a denial of service by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, resulting...