4960 matches found

Positive Technologies · added 2022/07/18 12:00 a.m. · 4 views

PT-2022-14899 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.20.2 Description: The issue allows unauthenticated users to access donor information through the "/donor-wall" REST-API endpoint, even when the donor wall is not enabled. This...

CVSS 5.3 · AI score 5.2 · EPSS 0.00907
Exploits 0 · References 7
OSV · added 2022/07/14 6:15 p.m. · 14 views

CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 1
CVE · added 2022/07/14 5:23 p.m. · 2027 views

CVE-2022-2406

Mattermost CVE-2022-2406 concerns the legacy Slack import feature (v6.7.0 and earlier). The root cause is failure to properly limit imported file sizes, allowing an authenticated attacker to crash the server by uploading large files via the Slack import REST API. Impact is a DoS affecting availab...

CVSS 6.5 · AI score 5.2 · EPSS 0.00753
Exploits 0 · References 1 · Affected Software 1
0day.today · added 2022/07/14 12:00 a.m. · 394 views

Sourcegraph gitserver sshCommand Remote Command Execution Exploit

A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...

CVSS 8.8 · AI score 9 · EPSS 0.7431
Exploits 8
Tenable Nessus · added 2022/07/13 12:00 a.m. · 35 views

GitLab 8.13 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-1999)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an...

CVSS 5.3 · AI score 5.6 · EPSS 0.00557
Exploits 0 · References 3
WPVulnDB · added 2022/07/11 12:00 a.m. · 31 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Get a REST nonce logged in as admin:...

CVSS 4.8 · AI score 4.8 · EPSS 0.00493
Exploits 2 · Affected Software 1
wpexploit · added 2022/07/11 12:00 a.m. · 546 views

GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup Get a REST nonce logged in as admin:...

CVSS 4.8 · EPSS 0.00493
Exploits 2
Tenable Nessus · added 2022/07/09 12:00 a.m. · 72 views

FreeBSD : Gitlab -- multiple vulnerabilities (d1b35142-ff4a-11ec-8be3-001b217b3468)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d1b35142-ff4a-11ec-8be3-001b217b3468 advisory. - A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions...

CVSS 9.9 · AI score 6.7 · EPSS 0.76884
Exploits 0 · References 18
CNVD · added 2022/07/08 12:00 a.m. · 32 views

JFrog Artifactory Cross-Site Scripting Vulnerability

JFrog Artifactory is an open source, general-purpose artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production. JFrog Artifactory suffers fr...

CVSS 4.3 · AI score 2 · EPSS 0.00488
Exploits 0 · Affected Software 2
OpenVAS · added 2022/07/07 12:00 a.m. · 24 views

GitLab 8.13.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Improper Authorization Vulnerability

GitLab is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 5.3 · AI score 5.6 · EPSS 0.00557
Exploits 0 · References 1
Prion · added 2022/07/06 10:15 a.m. · 6 views

Cross site scripting

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting XSS through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 4.3 · AI score 6 · EPSS 0.00488
Exploits 0 · References 2 · Affected Software 1
Prion · added 2022/07/06 10:15 a.m. · 19 views

Design/Logic Flaw

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versio...

CVSS 6.8 · AI score 5.1 · EPSS 0.00685
Exploits 0 · References 2 · Affected Software 1
CVE · added 2022/07/06 9:35 a.m. · 1244 views

CVE-2021-46687

CVE-2021-46687 affects JFrog Artifactory: versions prior to 7.31.10 and prior to 6.23.38 are vulnerable to sensitive data exposure through the Project Administrator REST API. The underlying issue is exposed in the REST API and leads to leakage of sensitive data in affected releases. The provided...

CVSS 6.8 · AI score 5 · EPSS 0.00685
Exploits 0 · References 2 · Affected Software 1
CVE · added 2022/07/06 9:15 a.m. · 1793 views

CVE-2021-45721

CVE-2021-45721 affects JFrog Artifactory. Vulnerable through Reflected XSS in a Users REST API XHR parameter due to insufficient input validation. Affected versions: before 7.29.8 and before 6.23.38. Impact: potential client-side JavaScript execution. Remediation (as documented): upgrade to 7.29....

CVSS 6.1 · AI score 5.9 · EPSS 0.00488
Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2022/07/06 12:00 a.m. · 4 views

JFrog Artifactory security vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for automating the tracking of artifacts from development to production. A security...

CVSS 6.8 · AI score 5.4 · EPSS 0.00685
Exploits 0 · References 3
Positive Technologies · added 2022/07/06 12:00 a.m. · 4 views

PT-2022-12372 · Jfrog · Jfrog Artifactory

Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.29.8 JFrog Artifactory versions prior to 6.23.38 Description: The issue is related to Reflected Cross-Site Scripting XSS through one of the XHR parameters in the "Users REST API endpoint". Recommendations...

CVSS 6.1 · AI score 5.9 · EPSS 0.00488
Exploits 0 · References 7
NVD · added 2022/07/01 5:15 p.m. · 18 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 5.3 · EPSS 0.00557
Exploits 0 · References 2
Prion · added 2022/07/01 5:15 p.m. · 13 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 4.3 · AI score 5.2 · EPSS 0.00557
Exploits 0 · References 2 · Affected Software 1
UbuntuCve · added 2022/07/01 5:15 p.m. · 23 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 5.3 · AI score 6 · EPSS 0.00557
Exploits 0 · References 3
Cvelist · added 2022/07/01 4:06 p.m. · 26 views

CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVSS 3.1 · AI score 5.6 · EPSS 0.00557
Exploits 0 · References 2