Lucene search
+L

54 matches found

Cvelist
Cvelist
added 2024/08/22 6:39 a.m.37 views

CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to the permissions section of system console to update their role e.g. member to include the managesystem...

4.7CVSS0.00344EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/22 6:30 a.m.15 views

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

4.9CVSS6.8AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/22 6:30 a.m.30 views

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

4.9CVSS0.00456EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/30 12:0 a.m.49 views

Qlik Sense Enterprise Privilage Escalation (CVE-2024-36077)

The version of Qlik Sense Enterprise installed on the remote Windows host is prior to May 2022 prior to Patch 18, August 2022 prior to Patch 17, November 2022 prior to Patch 14, February 2023 prior to Patch 14, May 2023 prior to Patch 16, August 2023 prior to Patch 14, November 2023 prior to patc...

8.8CVSS5.7AI score0.00551EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/22 4:46 p.m.15 views

CVE-2024-36077

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 14.173.3...

8.8CVSS7.5AI score0.00551EPSS
Exploits0References1
OSV
OSV
added 2024/03/22 12:15 p.m.3 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

6.3CVSS6.1AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2024/03/22 12:15 p.m.29 views

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

6.3CVSS8.2AI score0.0064EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.5 views

PT-2024-20796 · Snow Snow · Snow Snow

Name of the Vulnerable Software and Affected Versions: snow snow version 2.0.0 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the dataScope parameter of the "system/role/list" interface. This enables the attacker to potentially access and manipulate...

6.3CVSS8.3AI score0.0064EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/03/22 12:0 a.m.7 views

DingFlow 安全漏洞

DingFlow is DingFlow open source is committed to helping small and medium-sized intelligent office system. DingFlow v.2.0.0 version of a security vulnerability , the vulnerability stems from the system/role/list interface of the dataScope parameter SQL injection vulnerability...

6.3CVSS7.9AI score0.0064EPSS
Exploits1References2
OSV
OSV
added 2024/02/01 2:15 p.m.7 views

CVE-2024-24062

springboot-manager v1.6 is vulnerable to Cross Site Scripting XSS via /sys/role...

5.4CVSS5.8AI score0.00424EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.3 views

springboot-manager Security Vulnerability

springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...

5.4CVSS6.2AI score0.00424EPSS
Exploits1References2
OSV
OSV
added 2024/01/22 6:15 p.m.4 views

CVE-2024-0784

A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

9.8CVSS5.7AI score0.0068EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/22 12:0 a.m.6 views

Octopus Deploy SQL Injection Vulnerability

Octopus Deploy is an automation tool for .NET, Java and other application development and deployment from Octopus Deploy Australia. A SQL injection vulnerability exists in Octopus Deploy version 1.0, which stems from /system/role/list containing unknown functions that cause SQL injection via the...

9.8CVSS8.1AI score0.0068EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/22 12:0 a.m.4 views

PT-2024-15817 · Unknown · Hongmaple Octopus +1

Name of the Vulnerable Software and Affected Versions: hongmaple octopus version 1.0 biantaibao octopus version 1.0 Description: A critical issue has been found, affecting an unknown function of the file /system/role/list. The manipulation of the dataScope argument leads to sql injection. It is...

9.8CVSS7AI score0.0068EPSS
Exploits1References7
Veracode
Veracode
added 2023/10/11 3:3 p.m.12 views

Privilege Escalation

mattermost is vulnerable to privilege escalation. An attacker with system role permission can read DM conversations...

4.9CVSS6.7AI score0.00472EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/29 12:30 p.m.42 views

GHSA-H8WH-F7GW-FWPR Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

2.7CVSS4.3AI score0.00472EPSS
Exploits0References3
NVD
NVD
added 2023/09/29 10:15 a.m.32 views

CVE-2023-5193

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS5.1AI score0.00472EPSS
Exploits0References1
Prion
Prion
added 2023/09/29 10:15 a.m.23 views

Design/Logic Flaw

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

3.3CVSS3.7AI score0.00472EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/29 9:23 a.m.23 views

CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS6.6AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/29 9:23 a.m.34 views

CVE-2023-5193 System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation...

4.9CVSS5.4AI score0.00472EPSS
Exploits0References1
Rows per page
Query Builder