Lucene search
K

130 matches found

Vulnrichment
Vulnrichment
added 2024/02/08 11:9 p.m.9 views

CVE-2024-24830 OpenObserve Privilege Escalation Vulnerability in Users API

OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/orgid/users" endpoint. This vulnerability allows any authenticated regular user 'member' to add new users with...

9.9CVSS9AI score0.00716EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/06/08 8:15 p.m.3 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

8.8CVSS7.5AI score0.14197EPSS
Exploits6References5
Vulnrichment
Vulnrichment
added 2023/06/08 12:0 a.m.10 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

8.6AI score0.14197EPSS
Exploits6References4
CVE
CVE
added 2023/02/20 3:12 p.m.58 views

CVE-2023-25569

CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

5.7CVSS5.5AI score0.00351EPSS
Exploits0References5Affected Software1
Virtuozzo
Virtuozzo
added 2023/02/14 12:0 a.m.32 views

Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...

0.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/11/10 11:59 p.m.22 views

eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

1.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/10 11:59 p.m.19 views

GHSA-99R3-XMMQ-7Q7G eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

7.2CVSS6.9AI score0.00862EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/10 11:58 p.m.18 views

eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

1.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/10 11:58 p.m.15 views

GHSA-8H83-CHH2-FCHP eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

7.2CVSS6.9AI score0.00862EPSS
Exploits0References4
OSV
OSV
added 2022/11/10 11:57 p.m.34 views

GHSA-446Q-XXG5-3VHH eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/10 11:56 p.m.22 views

eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

1.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/10 11:56 p.m.23 views

GHSA-G6JC-XRC3-4WWQ Ibexa DXP users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/10 11:54 p.m.16 views

Ibexa DXP users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

2AI score
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/10/18 12:0 a.m.3 views

Liferay Portal 跨站脚本漏洞

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network and more. A security vulnerability exists in Liferay Portal...

5.4CVSS5.4AI score0.00484EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/08/17 12:0 a.m.19 views

Moodle Incorrect Authorization vulnerability

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course...

8.8CVSS6.6AI score0.16425EPSS
Exploits8References4Affected Software1
OSV
OSV
added 2022/08/16 9:15 p.m.34 views

CVE-2020-14321

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course...

8.8CVSS6.6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/24 5:5 p.m.20 views

Moodle does not revoke role capabilities correctly

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.5CVSS6.9AI score0.00709EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/24 5:5 p.m.25 views

GHSA-G9M2-C2X5-FR2V Moodle does not revoke role capabilities correctly

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.4CVSS5.7AI score0.00709EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/20 11:59 p.m.27 views

CVE-2019-3849

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site...

8.8CVSS3.2AI score0.01043EPSS
Exploits0References2
OSV
OSV
added 2022/05/13 1:21 a.m.12 views

GHSA-Q9QR-H33G-FW3J TeamPass Storing Passwords in a Recoverable Format vulnerability

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role...

9.8CVSS9.7AI score0.01724EPSS
Exploits0References3
Rows per page
Query Builder