
19 matches found

Nuclei
added 2 days ago, 92 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8, AI score 7.8, EPSS 0.69506
Exploits: 1, References: 5
Github Security Blog
added 3 days ago, 9 views

praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
OSV
added 3 days ago, 3 views

GHSA-8G2P-PQM3-FCFH praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

CVSS 9.6, AI score 5.8
Exploits: 0, References: 2
OSV
added 6 days ago, 3 views

GHSA-H37G-4H4P-9X97 PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership

Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role to owner. The issue is caused by privileged workspace-management routes using the shared dependency requireworkspacemember... without...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2
NVD
added 2026/05/08 8:16 p.m., 8 views

CVE-2026-42185

People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user, including users with no current domain access, to the...

CVSS 5.5, EPSS 0.00033
Exploits: 0, References: 3
Vulnrichment
added 2026/05/08 7:23 p.m., 6 views

CVE-2026-42185 People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation

People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user, including users with no current domain access, to the...

CVSS 5.5, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 3
CVE
added 2026/05/08 7:23 p.m., 8 views

CVE-2026-42185

CVE-2026-42185 - People (La Suite): Prior to version 1.25.0, an authenticated user with Administrator on a mail domain could send a crafted invitation to elevate any user to Owner, yielding full domain ownership without the target’s acceptance. This is a privilege-escalation in the invitation flo...

CVSS 5.5, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 3
Cvelist
added 2026/05/08 7:23 p.m., 27 views

CVE-2026-42185 People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation

People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user, including users with no current domain access, to the...

CVSS 5.5, EPSS 0.00033
Exploits: 0, References: 3
CNNVD
added 2026/05/08 12:0 a.m., 3 views

People Security Vulnerability

People is an open-source user and team permission management application developed by La Suite numérique. Versions of People prior to 1.25.0 contained a security vulnerability. This vulnerability allowed users with the role of email domain administrators to elevate any existing user to the owner...

CVSS 5.5, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 1
Github Security Blog
added 2026/03/07 2:10 a.m., 2 views

Firefly III user API endpoints expose all users' information to any authenticated user (IDOR)

Summary The User management API endpoints GET /api/v1/users and GET /api/v1/users/id are accessible to any authenticated user without admin/owner role verification, exposing all users' email addresses, roles, and account status. Affected Endpoints 1. GET /api/v1/users UserController::index, line ...

AI score 5.8
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/03/07 2:10 a.m., 1 view

GHSA-5Q8V-J673-M5V4 Firefly III user API endpoints expose all users' information to any authenticated user (IDOR)

Summary The User management API endpoints GET /api/v1/users and GET /api/v1/users/id are accessible to any authenticated user without admin/owner role verification, exposing all users' email addresses, roles, and account status. Affected Endpoints 1. GET /api/v1/users UserController::index, line ...

CVSS 7.1, AI score 5.8
Exploits: 0, References: 2
RedhatCVE
added 2025/02/04 11:2 p.m., 9 views

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8, AI score 7.9, EPSS 0.69506
Exploits: 1, References: 1
OSV
added 2025/01/24 4:35 p.m., 1 view

CVE-2025-22611 Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate his or any other team members' privileges to any role, including the owner role. He's also able t...

CVSS 9.9, AI score 7.3, EPSS 0.00474
Exploits: 1, References: 3
Cvelist
added 2024/01/16 6:50 p.m., 23 views

CVE-2024-0200 Unsafe Reflection in Github Enterprise Server leading to Command Injection

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 7.2, AI score 10, EPSS 0.69506
Exploits: 1, References: 4
OSV
added 2023/12/17 11:2 p.m., 19 views

CVE-2023-3907 Improper User Management in GitLab

A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner...

CVSS 4.9, AI score 8.7, EPSS 0.00026
Exploits: 0, References: 5
Debian CVE
added 2023/09/01 10:1 a.m., 21 views

CVE-2023-3915

Removed by vendor...

CVSS 7.2, AI score 7, EPSS 0.00047
Exploits: 0
OSV
added 2023/06/07 5:15 p.m., 1 view

UBUNTU-CVE-2023-2485

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A malicious maintainer in a project can escalate other users to Owners in that project if they...

CVSS 4.9, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 3
Code423n4
added 2023/05/04 12:0 a.m., 9 views

Access Control Unauthorized access to restricted functions setWithdrawalDelayBlocks

Lines of code Vulnerability details Impact By exploiting the owner's role through social engineering, an attacker could theoretically gain indirect control over any functions that require owner authorization. Specifically, the ability to manipulate withdrawal delays and other critical security...

AI score 6.9
Exploits: 0
Hacker One
added 2020/06/09 3:53 p.m., 16 views

GitLab: An attacker can run pipeline jobs as arbitrary user

Summary An attacker can run arbitrary pipeline jobs as a victim user. This means the attacker can access the user's private repositories, member-only repositories, registry, etc... by using the victim's CI_JOB_TOKEN token. This is only my recent research and I wanted to report it as soon as possible. I...

AI score 6.8
Exploits: 0