5822 matches found
Authorization
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login...
CVE-2017-0926
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login...
CVE-2017-0927
CVE-2017-0927 affects GitLab Community Edition 10.3 in the deployment keys component, with an improper authorization flaw that allowed guest users to unauthorized use deployment keys. According to NVD, CVSS v3 base score is 6.5 (network, low attack complexity, privileges required: low, no user in...
CVE-2017-0926
GitLab Community Edition 10.3 is affected by an improper authorization in the Oauth sign-in component, enabling unauthorized user login. Root cause: OAuth sign-in bypass allows login without proper authorization. Impact: unauthorized access via OAuth flow with partial/ high impact credentials (pe...
CVE-2017-0926
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login...
CVE-2017-0927
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users...
CVE-2018-1000114
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions...
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users...
Authorization
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs...
CVE-2018-1000114
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions...
CVE-2018-1000107
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Ownership related...
Authorization
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000109
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs...
CVE-2018-1000110
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users...
Authorization
Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause...
CVE-2017-17323
Huawei iBMC on V200R002C10/C20/C30 contains an improper authorization vulnerability where a normal user can access information intended for admins due to inadequate authorization checks, potentially leading to information disclosure. A Huawei security advisory confirms a fix in iBMC and notes pat...
CVE-2018-1000114
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions...
Authorization
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 the fixed version 4.5.x and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to access via an improper authorization vulnerability...