CVE-2024-1155 Incorrect permissions for shared NI SystemLink Elixir based services

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2024-1155

CVE-2024-1155 describes incorrect permissions in the installation directories for shared NI SystemLink Elixir based services, leading to potential privilege escalation via local access by an authenticated user. The root cause is improper permissions on installation paths that allow unauthorized l...

Samly access control vulnerability

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

GHSA-H3RW-77W7-92GF Samly access control vulnerability

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

CVE-2024-25718

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

Design/Logic Flaw

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

CVE-2024-25718

The CVE-2024-25718 issue affects the Samly package for Elixir prior to 1.4.0. The vulnerability stems from Samly.State.Store.get_assertion/3 returning an expired session, and Samly.AuthHandler caching that session so it is not replaced after expiry, potentially bypassing access controls. Affected...

CVE-2024-25718

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

CVE-2021-4430

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

CVE-2021-4430

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

Design/Logic Flaw

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

CVE-2021-4430

CVE-2021-4430 affects Ortus Solutions ColdBox Elixir 3.1.6, specifically the ENV Variable Handler’s file src/defaultConfig.js, leading to information disclosure. A fix is available in ColdBox Elixir 3.1.7; the patch is identified as a3aa62daea2e44c76d08d1eac63768cd928cd69e, per the vulnerability ...

CVE-2021-4430 Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

CVE-2021-4430 Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure

A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address th...

Ortus Solutions ColdBox Elixir Information Disclosure Vulnerability

Ortus Solutions ColdBox Elixir is a professional open source software from Ortus Solutions that provides custom development, training, server tuning, security hardening, code review, professional support and guidance. An information disclosure vulnerability exists in Ortus Solutions ColdBox Elixi...

PT-2023-12543

Name of the Vulnerable Software and Affected Versions Ortus Solutions ColdBox Elixir version 3.1.6 Description A problematic vulnerability has been found in Ortus Solutions ColdBox Elixir, affecting the ENV Variable Handler component, specifically the file src/defaultConfig.js. This issue leads t...

Pow security breach

Pow is an open source, complete authentication and user management library built into Elixir that works out-of-the-box for Phoenix and Plug-based applications while being fully customizable. A security vulnerability exists in Pow versions 1.0.14 through 1.0.34, which stems from the vulnerability ...

Mind-elixir Cross-site Scripting vulnerability

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...

GHSA-M22Q-97P5-79V2 Mind-elixir Cross-site Scripting vulnerability

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...

CVE-2021-32851

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...