171 matches found
October CMS Permission and Access Control Issues Vulnerability
October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. A security vulnerability exists in October 1.0.319 and versions prior to 1.0.470, which stems from the fact that back-end users with the default "Publisher" system role can create a...
CVE-2020-13341
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...
PT-2020-13482 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where an insufficient permission check allows an attacker with a developer role to perform...
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
UBUNTU-CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
Default credentials
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
Enterprise Search 7.9.0 security update
Enterprise Search credential exposure flaw ESA-2020-11 Elastic Enterprise Search versions before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ‘developer’ role, they will be able to view the administrator API credentials. These credentials could allo...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...