4963 matches found
CVE-2024-34701
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
BIT-ELASTICSEARCH-2024-23449 Elasticsearch Uncaught Exception
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
BIT-ELASTICSEARCH-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model
Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...
JWT Exposure
@valtimo/components is vulnerable to JWT Exposure. The vulnerability is due to a misconfiguration of the Form.io component, which exposes the user's access token JWT to api.form.io via the x-jwt-token header, allowing attackers to retrieve personal information or execute requests to the Valtimo...
CVE-2024-34706 @valtimo/components exposes access token to form.io
Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...
CVE-2024-34701
Summary: CVE-2024-34701 affects Miraheze’s CreateWiki MediaWiki extension. An attacker could be considered the requester for a wiki request if their local user ID on any wiki in the farm matches the requester’s local ID on the target wiki, enabling actions the requester is allowed to perform via ...
Unspecified Vulnerability in Apache Superset (CNVD-2024-24409)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 3.1.2, which can be exploited by an authenticated attacker to access metadata from data sources they are not authorized to vie...
Debian dsa-5685 : wordpress - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5685 advisory. - WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the wplang' parameter. This allows unauthenticated attackers...
PT-2024-4518 · Cyberpower · Cyberpower Powerpanel Enterprise
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3 Description: The issue is related to missing authentication for certain utilities in CyberPower PowerPanel Enterprise, allowing an unauthenticated remote attacker to access the PDNU RES...
Incorrect Authorization
apachesuperset is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation on user permissions when accessing datasource metadata through REST API's. This allows attackers to access sensitive information without the necessary authorization...
Apache Superset Incorrect Authorization vulnerability
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
GHSA-299Q-3P96-5898 Apache Superset Incorrect Authorization vulnerability
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
CVE-2024-28148
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
CVE-2024-28148
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
CVE-2024-28148
Summary: Multiple sources describe an authorization issue in Apache Superset prior to 3.1.2. Affected product/component: Apache Superset, specifically the REST API used to explore datasources. Root cause (as stated): Incorrect datasource authorization on the explore REST API allowing an authentic...
CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...