154 matches found
PT-2021-15419
Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 Description The issue allows authenticated...
CVE-2021-21480
SAP MII allows users to create dashboards and save them as JSP through the SSCE Self Service Composition Environment. An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAPXMII...
CVE-2020-15248
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...
October CMS Permission and Access Control Issues Vulnerability
October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. A security vulnerability exists in October 1.0.319 and versions prior to 1.0.470, which stems from the fact that back-end users with the default "Publisher" system role can create a...
CVE-2020-13341
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions...
PT-2020-13482 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10 GitLab versions prior to 13.3.7 GitLab versions prior to 13.4.2 Description: An issue has been discovered in GitLab where an insufficient permission check allows an attacker with a developer role to perform...
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
UBUNTU-CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
CVE-2020-7018
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
Default credentials
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same...
Enterprise Search 7.9.0 security update
Enterprise Search credential exposure flaw ESA-2020-11 Elastic Enterprise Search versions before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ‘developer’ role, they will be able to view the administrator API credentials. These credentials could allo...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role...