Lucene search
K

5 matches found

Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS0.00296EPSS
Exploits0References5
OSV
OSV
added 4 days ago3 views

CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS6.1AI score0.00296EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/16 10:48 p.m.9 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control inadequate authorization checks in the POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE /api/agents/:id/keys/:keyId routes. An attacker can gain unauthorized access to sensitive...

8.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2013/09/30 12:0 a.m.5 views

PT-2013-4910 · Openstack · Openstack Identity

Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions Folsom through Havana before havana-3 OpenStack Identity Keystone version Grizzly 2013.1.3 and earlier Description: The issue allows remote authenticated users to retain access via a token when a tenant is...

6.5CVSS6AI score0.01892EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2013/09/30 12:0 a.m.44 views

CVE-2013-4222

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

6.5CVSS5.9AI score0.01892EPSS
Exploits0References3
Rows per page
Query Builder