4960 matches found
DC-Sonar - Analyzing AD Domains For Security Risks Related To User Accounts
DC Sonar Community Repositories The project consists of repositories: dc-sonar-frontend dc-sonar-user-layer dc-sonar-workers-layer ntlm-scrutinizer Disclaimer It's only for education purposes. Avoid using it on the production Active Directory AD domain. Neither contributor incur any responsibilit...
Authentication Bypass
flarum is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly check access for post creation when the first post is deleted, allowing an attacker who can view the discussion to create new malicious replies via the REST API, even with reply permissio...
Improper Access Control
apachesuperset is vulnerable to Improper Access Control. The vulnerability exists in api.py due to explicitly enabling the DASHBOARDCACHE feature which allows an unauthenticated user to access dashboard configuration metadata using a rest api GET endpoint...
Apache Superset Access Control Error Vulnerability (CNVD-2023-05217)
An access control error vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation, which stems from improper access controls and could be exploited by an unauthenticated attacker to access dashboard configuration metadata using the REST...
GHSA-7222-R37X-8Q3M Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
GHSA-8F5J-MGX9-5HM5 Apache Superset has Improper Access Control
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset has Improper Access Control
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43719
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Cross site request forgery (csrf)
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Default configuration
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438
CVE-2022-45438 affects Apache Superset where enabling the DASHBOARD_CACHE feature flag (off by default) allows an unauthenticated user to access dashboard configuration metadata via a REST API GET endpoint. Affected versions are Superset 1.5.2 and earlier, and 2.0.0. The underlying issue is an im...
CVE-2022-45438 Apache Superset: Dashboard metadata information leak
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-45438 Apache Superset: Dashboard metadata information leak
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43719
CVE-2022-43719 affects Apache Superset; two legacy REST API endpoints for approval and request access are vulnerable to CSRF, impacting versions 1.5.2 and earlier, and 2.0.0. Root cause indicated by sources is lack of CSRF protection on these endpoints. CVSS v3.1 metrics show high impact (Confide...
CVE-2022-43719 Apache Superset: Cross Site Request Forgery (CSRF) on accept, request access API
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...