114 matches found

Positive Technologies
added 2025/02/11 12:0 a.m. · 1 views

PT-2025-6208 · Tableau +1 · Tableau Server +1

Name of the Vulnerable Software and Affected Versions: Opcenter Intelligence versions prior to V2501. Description: A personal access token disclosure vulnerability has been identified in Opcenter Intelligence, which is related to Tableau Server. This issue allows for the disclosure of personal...

4.9 CVSS · 6.6 AI score
Exploits 0 · References 7
RedhatCVE
added 2025/02/05 3:43 p.m. · 5 views

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master + develop branches of the...

7.7 CVSS · 6.6 AI score · 0.00068 EPSS
Exploits 1
RedhatCVE
added 2025/02/04 10:33 p.m. · 1 views

CVE-2024-8114

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.8 CVSS · 6.6 AI score · 0.00254 EPSS
Exploits 0 · References 1
OSV
added 2024/11/28 7:11 p.m. · 19 views

BIT-GITLAB-2024-8114 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.8 CVSS · 8.2 AI score · 0.00254 EPSS
Exploits 0 · References 3
NVD
added 2024/11/26 7:15 p.m. · 26 views

CVE-2024-8114

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.8 CVSS · 0.00254 EPSS
Exploits 0 · References 2
OSV
added 2024/11/26 7:15 p.m. · 0 views

UBUNTU-CVE-2024-8114

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.8 CVSS · 5.7 AI score · 0.00254 EPSS
Exploits 0 · References 4
OSV
added 2024/11/26 6:31 p.m. · 6 views

CVE-2024-8114 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.2 CVSS · 6.7 AI score · 0.00254 EPSS
Exploits 0 · References 5
CVE
added 2024/11/26 6:31 p.m. · 394 views

CVE-2024-8114

CVE-2024-8114 affects GitLab CE/EE versions 8.12 through before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. An attacker who has access to a victim’s Personal Access Token (PAT) can escalate privileges. The impact is privilege escalation with high potential impact on confidentiality, integ...

8.8 CVSS · 8.1 AI score · 0.00254 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/11/26 6:31 p.m. · 21 views

CVE-2024-8114 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges...

8.2 CVSS · 6.8 AI score · 0.00254 EPSS
Exploits 0 · References 2
OSV
added 2024/11/07 10:15 p.m. · 2 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2024/11/07 10:15 p.m. · 20 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...

6.5 CVSS · 0.00052 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/07 9:15 p.m. · 17 views

CVE-2024-10824 Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token (PAT) a...

6 CVSS · 6.6 AI score · 0.00052 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/10/28 6:42 p.m. · 10 views

CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object reference (IDOR) by deletion of personal access token

The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by un-authorized deletion of personal token. Habitat builder consumes builder-api habitat package as a dependency and the...

5.4 CVSS · 6.8 AI score · 0.00059 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/09/23 12:0 a.m. · 1 views

PT-2024-38898 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.10.17; GitHub Enterprise Server versions prior to 3.11.15; GitHub Enterprise Server versions prior to 3.12.9; GitHub Enterprise Server versions prior to 3.13.4; GitHub Enterprise Server versions prior ...

6.2 CVSS · 7.4 AI score · 0.00113 EPSS
Exploits 0 · References 10
Atlassian
added 2024/08/28 8:27 a.m. · 12 views

Accessing Confluence using PAT Token fails intermittently when multiple users access concurrently

Issue Summary: This issue is similar to the one reported in Jira side under JRASERVER-76340 (https://jira.atlassian.com/browse/JRASERVER-76340). This is reproducible on Data Center: Yes. Steps to Reproduce: Provision a new Confluence environment. Create two new users: "usera" and "userb". For eac...

6.8 AI score
Exploits 0
NVD
added 2024/07/16 10:15 p.m. · 16 views

CVE-2024-5566

An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6,...

6.5 CVSS · 0.00279 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/07/16 12:0 a.m. · 1 views

PT-2024-36574 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14. Description: An improper privilege management issue allowed users to migrate private repositories without having the appropriate scopes defined on the related Personal Access Token...

6.5 CVSS · 7.2 AI score · 0.00279 EPSS
Exploits 0 · References 9
RedHat Linux
added 2024/04/23 5:18 p.m. · 1 views

satellite: arithmetic overflow in satellite

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity...

7.6 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 4
Atlassian
added 2024/03/28 5:25 p.m. · 16 views

Successful user login events are not added to the audit log when using a personal access token

Issue Summary: When users authenticate on Jira, this information should be added as new events on the audit log when full coverage is enabled for the Security category. Requests made with personal access tokens (PAT) for REST API won't create a new entry on the audit log. Steps to Reproduce...

7 AI score
Exploits 0 · Affected Software 1
Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-32779 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8 through 3.8.11; GitHub Enterprise Server versions 3.9 through 3.9.6; GitHub Enterprise Server versions 3.10 through 3.10.3; GitHub Enterprise Server versions 3.11 through 3.11.0. Description: Improper privile...

6.5 CVSS · 5.5 AI score · 0.00077 EPSS
Exploits 0 · References 8