GHSA-V39M-97P8-GQG7 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

PT-2026-46886

UserController::upsertUser writes user data in SYSTEM SCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

PT-2026-46868

UserController::upsertUser writes user data in SYSTEM SCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

Windows Persistent Startup Folder

This module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems. Module Options msf use exploit/windows/persistence/startupfolder msf exploitstartupfolder show targets ...targets... msf exploitstartupfolder set TARGET msf...

SUSE CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

jenkins-jira-plugin: plugin information disclosure

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

Information Disclosure

jenkins-jira-plugin is vulnerable to information disclosure. The scope for per-folder Jira site definitions is not properly declared, allowing users to select and use credentials with System scope...

jenkins-jira-plugin: plugin information disclosure

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...

PT-2019-4454 · Jenkins · Jenkins Jira Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Plugin versions 3.0.10 and earlier Description: The issue is related to the incorrect declaration of the scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. This can lead to...

Solar System Scope - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Solar System Scope published at the 'play' market has multiple vulnerabilities...