CVE-2021-22861

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...

CVE-2020-25208

In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions...

GHSA-395W-QHQR-9FR6 Path Traversal in Apache Flink

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

WordPress Advanced Access Manager plugin Handling Logic Error Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Access Manager plugin versions prior to 6.6.2,...

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

Design/Logic Flaw

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

CVE-2020-17519

CVE-2020-17519 is an Apache Flink directory traversal vulnerability that permits reading arbitrary files on the JobManager host via the REST interface. The flaw stems from a change introduced in Flink 1.11.0 (affecting 1.11.0, 1.11.1, and 1.11.2) and is limited to files accessible by the JobManag...

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

PT-2021-10097 · Apache · Apache Flink

Name of the Vulnerable Software and Affected Versions: Apache Flink versions 1.11.0 through 1.11.2 Description: A change introduced in Apache Flink allows attackers to read any file on the local filesystem of the JobManager through the REST interface. Access is restricted to files accessible by t...

CVE-2020-35934

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object including all metadata upon login via the REST API aam/v1/authenticate or aam/v2/authenticate. This is a security problem if this object stores information that the user is not supposed to have e.g.,...

The vulnerability of the REST API implementation of the network management system’s data center management module allows a attacker to re-record any files on the device.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to errors in processing input data. Exploiting this vulnerability allows an attacker to re-record any files on the device remotely...

F5 BIG-IP 输入验证错误漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An information disclosure vulnerability exists in F5 BIG-IP, which can be exploited by an attacker who can read files via F5...

UBUNTU-CVE-2020-26415

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to 13.6.2...

PT-2020-16169 · Red Hat · Infinispan

Name of the Vulnerable Software and Affected Versions: infinispan version 10 Description: A flaw was found in the infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any user with authentication...

The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows a malicious user to delete CMS pages via the REST API without authentication.

The vulnerability of the integration component of the Magento Commerce software for developing and managing online stores is related to authentication errors. Exploiting this vulnerability allows a malicious actor to delete CMS pages through the REST API without authentication...

IBM UrbanCode Deploy Security Bypass Vulnerability (CNVD-2020-63484)

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...

Design/Logic Flaw

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...

CVE-2020-5943

In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password...

CVE-2020-5943

CVE-2020-5943 affects F5 BIG-IP when using the iControl REST interface. In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, protected fields are obfuscated in REST responses instead of being protected by a SecureVault cryptogram (unlike TMSH), potentially exposing sensitive data such as the GTM mo...