GHSA-49CC-XRJF-9QF7 SFTPGo allows administrators to restrict command execution from the EventManager
Impact One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a...
GO-2024-3283 SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo
SFTPGo allows administrators to restrict command execution from the EventManager in github.com/drakkan/sftpgo...
CVE-2024-52309 SFTPGo allows administrators to restrict command execution from the EventManager
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in...
CVE-2024-52309
SFTPGo CVE-2024-52309 involves the EventManager allowing administrators to execute scripts or commands, which can grant access to the underlying OS/container with the same permissions as the SFTPGo process. The root cause is that command execution could be performed by any admin with script-permi...
SFTPGo input validation error vulnerability
SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. An input validation error vulnerability exists in SFTPGo versions prior to 2.4.0 through 2.6.3, which stems from the ability of an administrator to access the underlying operating...
GO-2022-1015 SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo
SFTPGo WebClient vulnerable to Cross-site Scripting in github.com/drakkan/sftpgo...
GO-2022-0964 SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo
SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo...
Insecure Direct Object Reference (IDOR)
github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to the lack of proper security measures such as JWT ID JTI claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted...
GHSA-X72P-G37Q-4XR9 Withdrawn: SFTPGo's JWT implementation lacks certain security measures
Withdrawn: The attack vector described in the backing report required that an attacker gain access to a user's session cookie. By gaining access to the session cookie the attacker is for all intents and purposes the valid user and any access to user data would be expected. In SFTPGo 2.6.2, the JW...
CVE-2024-40430
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2024-40430
CVE-2024-40430 is rejected and not an active vulnerability entry.
CBL Mariner 2.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...