Citrix Gateway&Cloud MFA - Session Validation Vulnerability
Document Title: Citrix Gateway&Cloud MFA - Session Validation Vulnerability
References Source: https://www.vulnerability-lab.com/getcontent.php?id=2324
Vulnerability Magazine: ...
Citrix Gateway & Cloud - Session Validation Vulnerability
Document Title: Citrix Gateway & Cloud - Session Validation Vulnerability
References: https://www.vulnerability-lab.com/getcontent.php?id=2325
Security Video: Cloud https://www.youtube.com/watch?v=vObgOpGpCSM
Security Video: OnPrem...
Exploit for Insecure Default Initialization of Resource in Apache Superset
It is an exploit module for CVE-2023-27524, an Apache Superset a...
GHSA-5CX2-VQ3H-X52C Apache Superset missing check for default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
Apache Superset missing check for default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
Design/Logic Flaw
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2023-27524 Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2023-27524
CVE-2023-27524 affects Apache Superset up to 2.0.1 where an insecure default SECRET_KEY allows authentication bypass and unauthorized access. Multiple connected sources show public exploits and PoCs (e.g., GitHub exploits for session cookie forging and potential RCE/auth bypass) illustrating prac...
keycloak: Session takeover with OIDC offline refreshtokens
A flaw was found in the offline_access scope in Keycloak. This issue would especially affect users of shared computers if cookies are not cleared, due to a lack of root session validation and the reuse of session ids across root and user authentication sessions. This enables an attacker to...
SUSE CVE-2019-11106
Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access...
SUSE CVE-2019-11168
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access...
SUSE CVE-2019-11173
Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access...
CVE-2023-24426
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
CVE-2023-24444
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login...