Lucene search
K

236 matches found

RedhatCVE
RedhatCVE
added 2025/09/10 9:17 p.m.10 views

CVE-2025-57817

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS7AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 9:17 p.m.8 views

CVE-2025-57816

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/10 9:17 p.m.8 views

CVE-2025-57766

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS6.8AI score0.00275EPSS
Exploits1References1
NVD
NVD
added 2025/09/08 10:15 p.m.29 views

CVE-2025-57816

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

7.5CVSS0.00406EPSS
Exploits0References3
NVD
NVD
added 2025/09/08 10:15 p.m.28 views

CVE-2025-57766

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS0.00275EPSS
Exploits1References3
NVD
NVD
added 2025/09/08 10:15 p.m.34 views

CVE-2025-57817

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/08 9:41 p.m.5 views

Improper Control of Interaction Frequency

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Improper Control of Interaction Frequency due to inefficient built-in IP-based rate limiting in environments with CDNs, proxies or load balancers. An attacker can...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2025/09/08 9:17 p.m.11 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS6.8AI score0.00392EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/08 9:17 p.m.22 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/08 9:17 p.m.4 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS6.6AI score0.00392EPSS
Exploits0References3
CVE
CVE
added 2025/09/08 9:17 p.m.30 views

CVE-2025-57817

The CVE describes a privilege-escalation flaw in Fides: before version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment, allowing users with client:create or client:update permissions to elevate to owner-level. Affected c...

8.6CVSS6.6AI score0.00392EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/09/08 9:14 p.m.25 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

6.3CVSS0.00406EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/08 9:14 p.m.1 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

6.3CVSS6.3AI score0.00406EPSS
Exploits0References3
CVE
CVE
added 2025/09/08 9:14 p.m.27 views

CVE-2025-57816

CVE-2025-57816 concerns the Fides Webserver API rate limiting. The issue arises in deployments that rely on the built‑in IP‑based rate limiter in proxied environments (CDNs, proxies, load balancers): limits are applied to the immediate connection IP rather than the client IP, and counters are sto...

7.5CVSS6.3AI score0.00406EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/08 9:14 p.m.5 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

6.3CVSS6.5AI score0.00406EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/08 9:12 p.m.35 views

CVE-2025-57766 Fides's Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS0.00275EPSS
Exploits1References3
CVE
CVE
added 2025/09/08 9:12 p.m.20 views

CVE-2025-57766

CVE-2025-57766 affects the Fides open-source privacy engineering platform. Prior to version 2.69.1, when an admin UI password is changed, existing active sessions are not invalidated, allowing an attacker who has obtained a valid session token (for example via XSS or other vector) to maintain acc...

6.3CVSS6.4AI score0.00275EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/09/08 9:12 p.m.15 views

CVE-2025-57766 Fides's Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS6.6AI score0.00275EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/08 9:11 p.m.34 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS0.00277EPSS
Exploits0References3
OSV
OSV
added 2025/09/08 9:11 p.m.6 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS6.8AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder