38 matches found
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users: Rancher will not reflect these modifications, which may leave the...
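The cleanup the Rancher advisory says is missing is a deprovisioning reconciliation: compare every AP-backed local account against what the provider currently reports, and disable (plus revoke tokens for) any account whose principal is gone or disabled upstream. The following is an added example written for this page, not Rancher's code; the `LocalUser`, `UpstreamState` and `reconcile` names, the `ldap://uid=...` principal format and the sample users are all assumptions constructed for the demo.

```go
package main

import (
	"fmt"
	"sort"
)

// LocalUser is a hypothetical Rancher-style account (not Rancher's real
// model). AP-backed users carry the principal they were created from;
// local-only accounts have Provider == "local" and are left alone.
type LocalUser struct {
	Name      string
	Provider  string   // "local" or the AP name, e.g. "ldap"
	Principal string   // identifier of the user in the AP
	Enabled   bool
	Tokens    []string // API tokens issued to this user
}

// UpstreamState is what the AP currently reports for one principal.
type UpstreamState struct {
	Exists  bool
	Enabled bool
}

// Action is one remediation the reconciler decided on.
type Action struct {
	User   string
	Reason string   // "deleted-upstream" or "disabled-upstream"
	Revoke []string // tokens that must be revoked alongside the disable
}

// reconcile is the cleanup the advisory says Rancher does not perform on its
// own. upstream must be a complete snapshot of the AP taken in this run: a
// principal absent from it is treated as deleted, so a caller whose AP query
// failed must not call reconcile at all rather than pass a partial map.
func reconcile(users []LocalUser, upstream map[string]UpstreamState) []Action {
	var actions []Action
	for _, u := range users {
		if u.Provider == "local" || !u.Enabled {
			continue
		}
		state := upstream[u.Principal] // zero value: Exists == false
		switch {
		case !state.Exists:
			actions = append(actions, Action{u.Name, "deleted-upstream", u.Tokens})
		case !state.Enabled:
			actions = append(actions, Action{u.Name, "disabled-upstream", u.Tokens})
		}
	}
	sort.Slice(actions, func(i, j int) bool { return actions[i].User < actions[j].User })
	return actions
}

// applyActions disables the named users in place and returns every revoked token.
func applyActions(users []LocalUser, actions []Action) []string {
	byName := map[string]*LocalUser{}
	for i := range users {
		byName[users[i].Name] = &users[i]
	}
	var revoked []string
	for _, a := range actions {
		if u := byName[a.User]; u != nil {
			u.Enabled = false
			u.Tokens = nil
		}
		revoked = append(revoked, a.Revoke...)
	}
	return revoked
}

// sampleUsers and sampleUpstream are constructed data: bob was deleted from
// the AP, carol was disabled there, alice is still fine, admin is local-only.
func sampleUsers() []LocalUser {
	return []LocalUser{
		{Name: "admin", Provider: "local", Enabled: true, Tokens: []string{"tok-admin"}},
		{Name: "alice", Provider: "ldap", Principal: "ldap://uid=alice", Enabled: true, Tokens: []string{"tok-a1"}},
		{Name: "bob", Provider: "ldap", Principal: "ldap://uid=bob", Enabled: true, Tokens: []string{"tok-b1", "tok-b2"}},
		{Name: "carol", Provider: "ldap", Principal: "ldap://uid=carol", Enabled: true, Tokens: []string{"tok-c1"}},
	}
}

func sampleUpstream() map[string]UpstreamState {
	return map[string]UpstreamState{
		"ldap://uid=alice": {Exists: true, Enabled: true},
		"ldap://uid=carol": {Exists: true, Enabled: false},
	}
}

func main() {
	users := sampleUsers()
	actions := reconcile(users, sampleUpstream())
	for _, a := range actions {
		fmt.Printf("%-6s %-17s revoke %v\n", a.User, a.Reason, a.Revoke)
	}
	fmt.Println("revoked:", applyActions(users, actions))
}
```

Revoking tokens is the part that matters most: disabling the login alone still leaves long-lived API tokens usable until they expire, which is exactly the window the advisory warns about.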
BIT-MATTERMOST-2023-4478
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
CVE-2023-4478 Parameter tampering in the registration resulting in blocked accounts being created
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...
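The Mattermost issue is a mass-assignment bug: the signup handler binds the whole request body onto the stored user model, so a client can set fields that only the server should control, such as the deactivation timestamp. The example below is added for this page and is not Mattermost's code; the `User` struct, the `delete_at` and `roles` field names and the request bodies are assumptions constructed to illustrate the pattern. It shows the vulnerable binding beside an allow-listed decoder that rejects unknown keys.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// User is a hypothetical account record, not Mattermost's real model. A
// non-zero DeleteAt marks the account as deactivated, which is the
// "registered as inactive" outcome the advisory describes.
type User struct {
	Email    string `json:"email"`
	Username string `json:"username"`
	Password string `json:"password"` // hashed before storage in real code
	DeleteAt int64  `json:"delete_at"`
	Roles    string `json:"roles"`
}

// signupVulnerable decodes the request body straight into the persisted
// model, so every JSON key the client sends is honoured, including fields
// only the server should control.
func signupVulnerable(body []byte) (*User, error) {
	var u User
	if err := json.Unmarshal(body, &u); err != nil {
		return nil, err
	}
	return &u, nil
}

// signupRequest is the allow-list: the only fields self-service signup may set.
type signupRequest struct {
	Email    string `json:"email"`
	Username string `json:"username"`
	Password string `json:"password"`
}

// signupHardened decodes into the allow-list type, rejects any key outside
// it, and fills every server-controlled field itself.
func signupHardened(body []byte) (*User, error) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	var req signupRequest
	if err := dec.Decode(&req); err != nil {
		return nil, fmt.Errorf("rejecting signup: %w", err)
	}
	if req.Email == "" || req.Username == "" || req.Password == "" {
		return nil, fmt.Errorf("rejecting signup: missing required field")
	}
	return &User{
		Email:    req.Email,
		Username: req.Username,
		Password: req.Password,
		DeleteAt: 0,             // always created active
		Roles:    "system_user", // never taken from the request
	}, nil
}

// Constructed request bodies: one normal, one in which the attacker registers
// the victim's address with a deactivation timestamp and an elevated role.
const (
	cleanSignup    = `{"email":"alice@example.com","username":"alice","password":"correct horse"}`
	tamperedSignup = `{"email":"victim@example.com","username":"victim","password":"x","delete_at":1700000000000,"roles":"system_admin"}`
)

func main() {
	u, _ := signupVulnerable([]byte(tamperedSignup))
	fmt.Printf("vulnerable: delete_at=%d roles=%s\n", u.DeleteAt, u.Roles)
	if _, err := signupHardened([]byte(tamperedSignup)); err != nil {
		fmt.Println("hardened  :", err)
	}
}
```

Rejecting unknown keys outright (rather than silently dropping them) is a deliberate choice: it makes tampering attempts visible in logs instead of letting them fail quietly.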
PT-2023-18674 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1 Description: The Administration session expiration was set to one week, allowing an attacker who has stolen the session cookie to use it for a long period. An automatic logout into the Administration sessio...
gitea -- multiple issues
The Gitea team reports: Do not allow Ghost access to limited visible user/org; Fix package access for admins and inactive users...
GHSA-JGC8-GVCX-9VFX XWiki Platform Improper Authorization check for inactive users
Impact Some resources are missing a check for inactive (not yet activated) or disabled users in XWiki, including the REST service, so a disabled user can enable themselves using a REST call. In the same way, some resource handlers created by extensions are not protected by default, so an inactive...
CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated) or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...
PT-2022-23180 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki Platform Old Core versions prior to 13.1.0.5 and 14.3-rc-1 Description: The issue arises from missing checks for inactive users in XWiki, including the REST service, allowing a disabled user to enable themselves using a REST call. Some...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.0: Add Allow-/Block-List for Migrate and Mirrors; Prevent git operations for inactive users; Disallow urlencoded new lines in git protocol paths if there is a port; Mitigate Security vulnerability in the git hook feature; Disable DSA ssh keys by default; Set TLS...
CVE-2019-13347
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate thei...
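The XWiki entries above and this Atlassian SSO entry share one failure: an endpoint verifies that the caller is authenticated but never that the caller's own account is still active, so a disabled user can reach the resource that re-enables them. The XWiki advisory adds that extension-registered handlers were not protected by default. The example below is an added illustration for this page, not XWiki's or Atlassian's code; the `registry` dispatcher, the `users.enable` and `users.activate` resource names and the sample accounts are assumptions constructed for the demo. It generalizes the fix by putting the active-user check in the dispatcher so every handler gets it unless explicitly opted out.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrUnauthenticated = errors.New("unauthenticated")
	ErrForbidden       = errors.New("forbidden: inactive caller or insufficient rights")
	ErrNoSuchUser      = errors.New("no such user")
)

// Account is a hypothetical wiki account (not XWiki's real model). Active is
// false both for accounts an admin disabled and for accounts that never
// completed activation; ActivationCode is set only for the latter.
type Account struct {
	Name           string
	Active         bool
	IsAdmin        bool
	ActivationCode string
}

type Store map[string]*Account

// Request is a call whose caller has already been authenticated.
type Request struct {
	Caller string // authenticated user
	Target string // user the resource acts on
	Code   string // activation code, where relevant
}

type Handler func(s Store, r Request) error

// registry dispatches resource handlers. With enforceActive set, every
// handler is preceded by the inactive-user check unless it was registered
// with allowInactive (reserved for flows an inactive user must reach).
type registry struct {
	enforceActive bool
	handlers      map[string]Handler
	allowInactive map[string]bool
}

func newRegistry(enforceActive bool) *registry {
	return &registry{enforceActive: enforceActive,
		handlers: map[string]Handler{}, allowInactive: map[string]bool{}}
}

func (reg *registry) register(name string, h Handler, allowInactive bool) {
	reg.handlers[name] = h
	reg.allowInactive[name] = allowInactive
}

func (reg *registry) dispatch(name string, s Store, r Request) error {
	h, ok := reg.handlers[name]
	if !ok {
		return errors.New("no such resource")
	}
	caller, ok := s[r.Caller]
	if !ok {
		return ErrUnauthenticated
	}
	if reg.enforceActive && !caller.Active && !reg.allowInactive[name] {
		return ErrForbidden // the check the vulnerable code lacked
	}
	return h(s, r)
}

// enableUser: admins may enable anyone; a user may edit their own record.
// Like the vulnerable REST service, it never asks whether the caller is active.
func enableUser(s Store, r Request) error {
	caller := s[r.Caller]
	target, ok := s[r.Target]
	if !ok {
		return ErrNoSuchUser
	}
	if !caller.IsAdmin && r.Caller != r.Target {
		return ErrForbidden
	}
	target.Active = true
	return nil
}

// completeActivation must be reachable by inactive callers, so it is
// registered with allowInactive and relies on the activation code instead.
func completeActivation(s Store, r Request) error {
	acct := s[r.Caller]
	if acct.ActivationCode == "" || r.Code != acct.ActivationCode {
		return ErrForbidden
	}
	acct.Active, acct.ActivationCode = true, ""
	return nil
}

// sampleStore is constructed data: an admin, a disabled user, a pending one.
func sampleStore() Store {
	return Store{
		"admin":   {Name: "admin", Active: true, IsAdmin: true},
		"mallory": {Name: "mallory", Active: false},
		"newbie":  {Name: "newbie", Active: false, ActivationCode: "k7f2"},
	}
}

func buildRegistry(enforce bool) *registry {
	reg := newRegistry(enforce)
	reg.register("users.enable", enableUser, false)
	reg.register("users.activate", completeActivation, true)
	return reg
}

func main() {
	self := Request{Caller: "mallory", Target: "mallory"}
	legacy, hardened := sampleStore(), sampleStore()
	fmt.Println("legacy  :", buildRegistry(false).dispatch("users.enable", legacy, self), legacy["mallory"].Active)
	fmt.Println("hardened:", buildRegistry(true).dispatch("users.enable", hardened, self), hardened["mallory"].Active)
}
```

Putting the check in the dispatcher rather than in each handler is what closes the "handlers created by extensions are not protected by default" half of the XWiki advisory: a new handler is protected unless someone explicitly opts it out, and the opt-out list is short enough to review.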
Migrating JIRA/Confluence from Cloud to Cloud reactivates inactive users
h3. Summary Admin migrated a Cloud instance of JIRA/Confluence to a new base URL. During the migration to the new JIRA/Confluence instance, inactive users became active. h3. Environment JIRA Cloud Confluence Cloud h3. Steps to Reproduce Create a user in JIRA Cloud. Deactivate the user. Make inactive...
Inactive users still receiving emails from "Send email" function
The JIRA documentation for deactivating users says, bq. Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues. However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...