33 matches found
EUVD-2026-40627
Capgo before 12.128.2 contains a NULL-auth bypass vulnerability in the public.getorguseraccessrbac function that allows unauthenticated attackers to retrieve RBAC role bindings and member email addresses. Attackers can exploit improper NULL comparison in the authorization gate to disclose...
CVE-2026-56247
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...
CVE-2026-56222
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
CVE-2026-56222
Capgo before 12.128.2 has an authorization bypass in POST /private/role_bindings due to failure to verify app_id ownership during app-scoped role binding creation. An administrator in one organization can create role bindings targeting apps owned by other organizations, enabling unauthorized read...
EUVD-2026-38427
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
CVE-2026-56222
Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...
PT-2026-51500
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the 'POST /private/role bindings' endpoint. The system fails to verify the ownership of the app id during the creation of app-scoped role bindings. This allows an...
CVE-2026-56321
Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...
EUVD-2026-38372
Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...
CVE-2026-56321
Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...
CVE-2026-56321
Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unaunthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...
CVE-2026-56321 Capgo - Missing Authentication Middleware on GET /private/role_bindings Endpoint
Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...
PT-2026-51410
Name of the Vulnerable Software and Affected Versions Capgo backend Supabase edge functions versions prior to 12.128.2 Description Inconsistent authentication enforcement exists across HTTP methods. The global authentication middleware is not applied to the 'GET /private/role bindings/:org id'...
Improper Preservation of Permissions
Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...
CVE-2025-2786 Tempo-operator: serviceaccount token exposure leading to token and subject access reviews in openshift tempo operator
A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview...
GO-2024-2760 Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If...
GHSA-28G7-896H-695V Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do n...
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Impact This vulnerability only affects customers using group based authentication in Rancher versions up to and including 2.4.17, 2.5.11 and 2.6.2. When removing a Project Role associated to a group from a project, the bindings that grant access to cluster scoped resources for those subjects do n...