108 matches found
CVE-2025-62729
CVE-2025-62729 affects SOPlanning with a Stored XSS in the /status endpoint. An authenticated attacker can inject arbitrary HTML/JS that is rendered for multiple pages. Root cause described in connected Red Hat/ENISA/NVD entries; fixed in version 1.55. CVSS metrics indicate MEDIUM severity (3.1: ...
CVE-2025-62729 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. This issue was fixed in version 1.55...
CVE-2025-62293 Broken Access Control in SOPlanning
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...
CVE-2025-62293
SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...
EUVD-2025-198311
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...
CVE-2025-62293 Broken Access Control in SOPlanning
SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...
PT-2025-47598
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue within the /status endpoint. An attacker possessing an account can inject arbitrary HTML and JavaScript code into the website...
SOPlanning 安全漏洞
SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.55, which stems from a lack of permission checking in the /status endpoint that could lead to improper access control...
PT-2025-47593
Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Broken Access Control issue in the /status endpoint. Insufficient permission checks within the Project Status functionality allow an authenticated attacker to modify...
SOPlanning 跨站脚本漏洞
SOPlanning is a suite of online project management software from SOPlanning, Inc. A cross-site scripting vulnerability exists in SOPlanning versions prior to 1.55, which stems from the /status endpoint that does not properly clean inputs, and could lead to stored cross-site scripting...
Sensitive Information Disclosure
github.com/runatlantis/atlantis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /status endpoint publicly exposing detailed version information, which allows an attacker to identify specific software versions and exploit known vulnerabilities to compromise the...
EUVD-2025-27088
Malicious code in bioql PyPI...
SUSE CVE-2025-58445
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...
GO-2025-3940 Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis
Atlantis Exposes Service Version Publicly on /status API Endpoint in github.com/runatlantis/atlantis...
CVE-2025-58445
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...
CVE-2025-58445
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...
CVE-2025-58445
CVE-2025-58445 concerns the Atlantis self-hosted Go application. The connected document GO-2025-3940 describes Atlantis exposing the service version publicly via the "/status" API endpoint in github.com/runatlantis/atlantis. The Initial document states that this information disclosure could allow...
CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...
CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...
CVE-2025-58445 Atlantis Exposes Service Version Publicly on /status API Endpoint
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known...