2 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the KillAction function. An attacker can terminate active jobs initiated by legitimate users by directly invoking the KillAction endpoint without authentication, even when guest login is required. This can...
PT-2026-22999
Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.0 Description OliveTin allows an unauthenticated guest to terminate running actions through the KillAction Remote Procedure Call RPC even when authRequireGuestsToLogin: true is enabled. Guests are blocked fro...