
293 matches found

Atlassian
added 2015/05/28 8:04 p.m., 24 views

Project's permission bypass JIRA global permissions

Summary: Users are able to create/comment issues via email without group membership if they are added directly to the project's permission. User shouldn't be able to do that since he can't access the application itself. Same applies to JIRA's notifications. Steps to Reproduce: Remove user...

AI score 1.8
Exploits 0, Affected Software 1
OSV
added 2014/10/26 8:55 p.m., 1 view

DEBIAN-CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

CVSS 6.5, AI score 6.7, EPSS 0.01907
Exploits 1, References 1
NVD
added 2014/10/26 8:55 p.m., 25 views

CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

CVSS 6.5, AI score 6.3, EPSS 0.01907
Exploits 1, References 3
Tenable Nessus
added 2014/08/22 12:00 a.m., 28 views

Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2324-1 advisory. Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain...

CVSS 6.5, AI score 5.7, EPSS 0.02308
Exploits 2, References 6
Ubuntu
added 2014/08/21 9:09 p.m., 65 views

USN-2324-1: OpenStack Keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. (CVE-2014-3476) Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

CVSS 6.5, AI score 5.4, EPSS 0.02308
Exploits 2
RedHat Linux
added 2014/07/31 3:18 p.m., 4 views

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 6.5, AI score 5.8, EPSS 0.02308
Exploits 2, References 3
UbuntuCve
added 2014/07/02 12:00 a.m., 25 views

CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

CVSS 6.5, AI score 5.9, EPSS 0.01907
Exploits 1, References 3
Hacker One
added 2014/04/20 5:58 p.m., 26 views

Localize: Private Project Access Request Accepted Via CSRF

Hi Team, I have found a CSRF vulnerability using which the attacker can force the victim to accept the private project access invitation request via CSRF, as the anti-CSRF token is not getting validated on the server side. Private Project Access Request Accepted Via CSRF. Code:...

AI score 3.5
Exploits 0
Prion
added 2013/08/09 7:55 p.m., 18 views

Design/Logic Flaw

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...

CVSS 7.2, AI score 7, EPSS 0.00432
Exploits 0, References 1, Affected Software 1
Atlassian
added 2012/08/29 11:13 a.m., 22 views

Inherit Edit Restrictions for Child Pages

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFSERVER-26446). As it says in the Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions):...

AI score 1.5
Exploits 0, Affected Software 1
Atlassian
added 2009/11/24 8:47 p.m., 24 views

Watchers can be added to a project without having rights in that project

A user of Jira at our site has found that two people he added to watchers on this project were only members of the Jira Users group and had no rights in the project. Therefore Jira silently did not send any notifications and they did not receive the information that the original user thought they...

AI score 2
Exploits 0, Affected Software 1
Tenable Nessus
added 2004/09/29 12:00 a.m., 25 views

Debian DSA-153-1 : mantis - cross site code execution and privilege escalation

Joao Gouveia discovered an uninitialized variable which was insecurely used with file inclusions in the mantis package, a PHP-based bug tracking system. The Debian Security Team found even more similar problems. When these occasions are exploited, a remote user is able to execute arbitrary code...

CVSS 10, AI score 6.2, EPSS 0.03267
Exploits 1, References 11
OSV
added 2002/08/14 12:00 a.m., 36 views

DSA-153 mantis - cross site code execution and privilege escalation

Bulletin has no description...

CVSS 10, AI score 6.1, EPSS 0.03267
Exploits 1