38 matches found

Github Security Blog
added 2024/06/17 10:30 p.m. | 26 views

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact: A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users: Rancher will not reflect these modifications, which may leave the...

CVSS 8.8 | AI score 6.8 | EPSS 0.00585
Exploits 0 | References 4 | Affected Software 1

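The Rancher advisory above describes the failure mode of a one-way identity sync: the local user survives after the upstream principal is deleted or disabled. The following is an added example (not Rancher's code) of the reconciliation loop that closes that gap. The LocalUser/IdpUser shapes, the "idp://" principal prefix and all sample users are hypothetical and constructed inline so it runs offline.

```python
"""Reconcile a local user store against an external identity provider (IdP).

Added example, not Rancher's code. The LocalUser/IdpUser shapes, the
"idp://" principal prefix and the sample data are hypothetical and
constructed here so the script runs offline.
"""
from dataclasses import dataclass, field


@dataclass
class LocalUser:
    name: str
    principal_id: str                  # identity as issued by the provider
    enabled: bool = True
    tokens: set = field(default_factory=set)   # API tokens / sessions


@dataclass
class IdpUser:
    principal_id: str
    active: bool                       # False = disabled/suspended upstream


def reconcile(local_users, idp_users, provider_prefix="idp://"):
    """Disable local users whose IdP principal is gone or inactive.

    Only users sourced from the provider (principal_id under
    provider_prefix) are touched, so a local break-glass admin is never
    locked out by an IdP misconfiguration. An empty IdP listing is
    treated as an outage, not as "everyone was deleted". Returns the
    names that were disabled, in input order, for logging/alerting.
    """
    if not idp_users:
        raise RuntimeError("empty IdP user list; refusing to reconcile")
    upstream_active = {u.principal_id: u.active for u in idp_users}
    disabled = []
    for user in local_users:
        if not user.principal_id.startswith(provider_prefix):
            continue                   # not managed by this provider
        if not user.enabled:
            continue                   # already handled
        if upstream_active.get(user.principal_id, False):
            continue                   # present and active upstream
        user.enabled = False
        user.tokens.clear()            # revoke credentials, not just a flag
        disabled.append(user.name)
    return disabled


def run_sample():
    """Constructed scenario: one deleted and one disabled upstream user."""
    local = [
        LocalUser("alice", "idp://1001", tokens={"tok-a"}),
        LocalUser("bob", "idp://1002", tokens={"tok-b"}),      # deleted in IdP
        LocalUser("carol", "idp://1003", tokens={"tok-c"}),    # disabled in IdP
        LocalUser("breakglass", "local://admin", tokens={"tok-d"}),
    ]
    idp = [IdpUser("idp://1001", True), IdpUser("idp://1003", False)]
    disabled = reconcile(local, idp)
    return {
        "disabled": disabled,
        "state": {u.name: (u.enabled, sorted(u.tokens)) for u in local},
    }


if __name__ == "__main__":
    print(run_sample())
```

Two design choices matter in practice: tokens are revoked together with the account (otherwise a disabled user keeps working until the token expires), and the loop refuses to act on an empty provider listing so that an IdP outage cannot disable every account at once.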
OSV
added 2024/03/06 10:59 a.m. | 10 views

BIT-MATTERMOST-2023-4478

Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...

CVSS 8.2 | AI score 5.9 | EPSS 0.00441
Exploits 0 | References 2

OSV
added 2023/08/25 10:15 a.m. | 10 views

CVE-2023-4478

Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...

CVSS 8.2 | AI score 7
Exploits 0 | References 1

Cvelist
added 2023/08/25 9:06 a.m. | 18 views

CVE-2023-4478: Parameter tampering in the registration resulting in blocked accounts being created

Mattermost fails to restrict which parameters' values it takes from the request during signup, allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts...

CVSS 4.3 | AI score 8.4 | EPSS 0.00441
Exploits 0 | References 1

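The three CVE-2023-4478 entries above all describe the same bug class: a signup handler that binds whatever fields the request carries, so a client can set an account state flag that should only be decided server-side. The following is an added example (not Mattermost's code) showing the bind-everything handler beside an allowlisted one. The field names ("active", "roles"), the in-memory record and the request bodies are hypothetical and constructed inline; the advisory only mentions the inactive flag, and the "roles" field is included to show the same bug generalised to a privilege field.

```python
"""Parameter tampering at signup: bind-everything vs. an explicit allowlist.

Added example, not Mattermost's code. The field names ("active",
"roles"), the in-memory record and the request bodies are hypothetical
and constructed here; the advisory only mentions the inactive flag, the
"roles" field shows the same bug generalised to a privilege field.
"""

SIGNUP_FIELDS = {"username", "email", "password"}


def signup_vulnerable(body):
    """Copies every request key onto the new record, defaults included."""
    user = {"active": True, "roles": ["user"]}      # server defaults
    user.update(body)                               # attacker keys win
    return user


def signup_hardened(body):
    """Accepts only the allowlisted fields; everything else is rejected.

    Rejecting (rather than silently dropping) unexpected keys turns a
    tampering attempt into a loggable 400 instead of a quiet no-op.
    """
    unexpected = set(body) - SIGNUP_FIELDS
    if unexpected:
        raise ValueError(f"unexpected signup fields: {sorted(unexpected)}")
    missing = SIGNUP_FIELDS - set(body)
    if missing:
        raise ValueError(f"missing signup fields: {sorted(missing)}")
    user = {k: body[k] for k in SIGNUP_FIELDS}
    user["active"] = True          # account state is decided server-side only
    user["roles"] = ["user"]
    return user


def run_scenarios():
    """Constructed requests: one honest, one tampered."""
    honest = {"username": "victim", "email": "v@example.test",
              "password": "correct horse"}
    tampered = dict(honest, active=False, roles=["system_admin"])
    out = {}
    out["vulnerable_tampered"] = signup_vulnerable(tampered)
    out["hardened_honest"] = signup_hardened(honest)
    try:
        signup_hardened(tampered)
        out["hardened_tampered"] = "accepted"
    except ValueError as exc:
        out["hardened_tampered"] = str(exc)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "->", result)
```

With the vulnerable handler the tampered request yields a record with active=False, which is exactly the "registered as inactive until an admin intervenes" condition in the advisory; the hardened handler rejects the request before any record is written.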
Positive Technologies
added 2023/01/17 12:00 a.m. | 3 views

PT-2023-18674 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1
Description: The Administration session expiration was set to one week, allowing an attacker who has stolen the session cookie to use it for a long period. An automatic logout into the Administration sessio...

CVSS 9.8 | AI score 9.4 | EPSS 0.0073
Exploits 0 | References 10

FreeBSD
added 2022/10/24 12:00 a.m. | 15 views

gitea -- multiple issues

The Gitea team reports:
- Do not allow Ghost access to limited visible user/org
- Fix package access for admins and inactive users
...

AI score 4.4
Exploits 0 | References 1

Github Security Blog
added 2022/09/16 5:40 p.m. | 33 views

XWiki Platform Improper Authorization check for inactive users

Impact: Some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service, so a disabled user can enable themselves using a REST call. In the same way, some resource handlers created by extensions are not protected by default, so an inactive...

CVSS 8.1 | AI score 7.8 | EPSS 0.00883
Exploits 1 | References 5 | Affected Software 1

OSV
added 2022/09/16 5:40 p.m. | 30 views

GHSA-JGC8-GVCX-9VFX XWiki Platform Improper Authorization check for inactive users

Impact: Some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service, so a disabled user can enable themselves using a REST call. In the same way, some resource handlers created by extensions are not protected by default, so an inactive...

CVSS 8.1 | AI score 7.9 | EPSS 0.00883
Exploits 1 | References 5

Cvelist
added 2022/09/08 2:45 p.m. | 33 views

CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselv...

CVSS 8.1 | AI score 8.2 | EPSS 0.00883
Exploits 1 | References 3

Vulnrichment
added 2022/09/08 2:45 p.m. | 7 views

CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselv...

CVSS 8.1 | AI score 8.2 | EPSS 0.00883
Exploits 1 | References 3

OSV
added 2022/09/08 2:45 p.m. | 27 views

CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselv...

CVSS 8.1 | AI score 7.6 | EPSS 0.00883
Exploits 1 | References 5

Positive Technologies
added 2022/09/08 12:00 a.m. | 5 views

PT-2022-23180 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki Platform Old Core versions prior to 13.1.0.5 and 14.3-rc-1
Description: The issue arises from missing checks for inactive users in XWiki, including the REST service, allowing a disabled user to enable themselves using a REST call. Some...

CVSS 8.1 | AI score 7.9 | EPSS 0.00883
Exploits 1 | References 10

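The CVE-2022-36090 entries above make two structural points: the inactive-user check was per-resource and some resources lacked it, and handlers contributed by extensions were unprotected by default. The following is an added example (not XWiki's code) of the fix pattern a practitioner would reach for: the check lives in the dispatcher, so every registered handler is protected unless it explicitly opts out. The route registry, the Account shape and the endpoint paths are hypothetical and do not mirror XWiki's real REST API; the sample accounts are constructed inline.

```python
"""Default-deny gate for inactive accounts in front of every resource handler.

Added example, not XWiki's code. The route registry, the Account shape
and the endpoint paths are hypothetical; nothing here mirrors XWiki's
real REST API. The point is structural: the inactive check lives in the
dispatcher, so a handler (core or extension-provided) is protected
unless it explicitly opts out.
"""
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    active: bool = True
    admin: bool = False


class Forbidden(Exception):
    pass


HANDLERS = {}   # path -> (handler, allow_inactive)


def route(path, allow_inactive=False):
    """Register a handler; protection is the default, opt-out is explicit."""
    def register(fn):
        HANDLERS[path] = (fn, allow_inactive)
        return fn
    return register


def dispatch(path, caller, target=None):
    """Single choke point: inactive callers never reach a protected handler."""
    handler, allow_inactive = HANDLERS[path]
    if not caller.active and not allow_inactive:
        raise Forbidden(f"{caller.name} is inactive")
    return handler(caller, target)


@route("/rest/users/activate")
def activate_user(caller, target):
    # Reactivation is an admin action; a user cannot flip their own flag.
    if not caller.admin:
        raise Forbidden("admin only")
    target.active = True
    return f"{target.name} activated"


@route("/rest/ext/export")       # extension-provided handler with no check of its own
def ext_export(caller, target):
    return "export.zip"


@route("/rest/logout", allow_inactive=True)   # harmless for inactive users
def logout(caller, target):
    return "logged out"


def attempt(path, caller, target=None):
    """Run a request and report ('ok', result) or ('forbidden', reason)."""
    try:
        return ("ok", dispatch(path, caller, target))
    except Forbidden as exc:
        return ("forbidden", str(exc))


def run_scenarios():
    """Constructed accounts: a disabled user trying to self-enable, and an admin."""
    mallory = Account("mallory", active=False)
    root = Account("root", admin=True)
    out = {
        "self_enable": attempt("/rest/users/activate", mallory, mallory),
        "still_inactive": mallory.active,
        "inactive_export": attempt("/rest/ext/export", mallory),
        "inactive_logout": attempt("/rest/logout", mallory),
        "admin_enable": attempt("/rest/users/activate", root, mallory),
    }
    out["now_active"] = mallory.active
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, "->", result)
```

The extension handler does no authorization of its own and is still unreachable for the disabled account, which is the property the advisory says was missing; the activation endpoint additionally requires an admin caller so that the gate is not the only thing standing between a disabled user and self-reactivation.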
FreeBSD
added 2020/12/01 12:00 a.m. | 24 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.13.0:
- Add Allow-/Block-List for Migrate and Mirrors
- Prevent git operations for inactive users
- Disallow urlencoded new lines in git protocol paths if there is a port
- Mitigate Security vulnerability in the git hook feature
- Disable DSA ssh keys by default
- Set TLS...

AI score 0.2
Exploits 0 | References 1

OSV
added 2019/12/13 1:15 p.m. | 2 views

CVE-2019-13347

An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products, affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbucket, and versions 2.4.0 through 2.5.2 for Bamboo. It allows locally disabled users to reactivate thei...

CVSS 7.5 | AI score 7 | EPSS 0.01061
Exploits 0 | References 2

Atlassian
added 2015/09/28 7:40 p.m. | 18 views

Migrating JIRA/Confluence from Cloud to Cloud reactivates inactive users

h3. Summary
Admin migrated a Cloud instance of JIRA/Confluence to a new base URL. During the migration to the new JIRA/Confluence instance, inactive users became active.
h3. Environment
JIRA Cloud, Confluence Cloud
h3. Steps to Reproduce
# Create a user in JIRA Cloud
# Deactivate user. Make inactive...

AI score 0.8
Exploits 0 | Affected Software 1

Atlassian
added 2012/10/17 1:20 p.m. | 19 views

Inactive users still receiving emails from "Send email" function

The JIRA documentation for deactivating users says,
bq. Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues.
However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...

AI score 0.5
Exploits 0
