CVE-2025-68436 Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the...
CVE-2024-6696
The product implements access controls via a policy or other feature with the intention to disable or restrict access (reads and/or writes) to assets in a system from untrusted agents. However, the implemented access controls lack the required granularity, which renders the control policy too broad becau...
CVE-2024-6696
Hitachi Vantara Pentaho Business Analytics Server exposes an authorization check flaw in the user console trash content across versions prior to 10.2.0.0 and 9.3.0.9 (including 8.3.x). The root cause is insufficient granularity in access controls (CWE-1220), allowing an attacker to bypass protect...
CVE-2021-3169
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
Design/Logic Flaw
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets...
PT-2021-19475 · Unknown · Jumpserver
Name of the Vulnerable Software and Affected Versions: Jumpserver versions prior to 2.6.2; Jumpserver versions prior to 2.5.4; Jumpserver versions prior to 2.4.5. Description: An issue in Jumpserver allows attackers to create a connection token through an API which does not have access control and u...
Jumpserver injection vulnerability
Jumpserver is an open source bastion host from Hangzhou Feizhiyun Information Technology Co. in China. An injection vulnerability exists in Jumpserver versions 2.6.2 and below that allows an attacker to create a connection token via an API with no access control and use it to access sensitive...