3 matches found
GO-2026-4629 OliveTin doesn't check view permission when returning dashboards in github.com/OliveTin/OliveTin
OliveTin doesn't check view permission when returning dashboards in github.com/OliveTin/OliveTin...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation in the authentication process when JWT tokens are parsed without enforcing the audience claim in certain configurations. An attacker can gain unauthorized access by presenting a validly signed JWT token with an...
GO-2026-4547 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin
OliveTin: OS Command Injection via password argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin...