66 matches found
CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...
PT-2020-13206 · Openstack +1 · Openstack Keystone +1
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to 15.0.1 OpenStack Keystone version 16.0.0 Description: An issue allows any user authenticated within a limited scope to create an EC2 credential with escalated permission, such as obtaining admin while the...
Authorization
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organizations can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global...
CVE-2017-7505
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organizations can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global...
CVE-2017-7505
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organizations can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global...
ezContents 2.0.3 showpoll.php GLOBALS[admin_home] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...