
288 matches found

Vulnrichment
added 2023/04/10 7:37 a.m. · 11 views

CVE-2023-27987 Apache Linkis gateway module token authentication bypass

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

6.8 AI score · 0.00811 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 3:45 a.m. · 3 views

SUSE CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

7.5 CVSS · 6.4 AI score · 0.04808 EPSS
Exploits 1 · References 4
CNNVD
added 2023/02/03 12:00 a.m. · 2 views

imcat cross-site request forgery vulnerability

Imcat is a PHP-based open source website building system. A security vulnerability exists in version 5.4 of imcat, which stems from the presence of cross-site request forgery, which can be exploited by a remote attacker to elevate privileges through the lack of token authentication...

8.8 CVSS · 7.8 AI score · 0.00612 EPSS
Exploits 1 · References 2
Cvelist
added 2022/12/08 5:38 p.m. · 29 views

CVE-2022-46829

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...

7.1 CVSS · 8.8 AI score · 0.00428 EPSS
Exploits 0 · References 1
OSV
added 2022/11/09 9:15 p.m. · 1 views

CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2022/11/09 12:00 a.m. · 9 views

VMware Workspace ONE Assist authorization issue vulnerability

VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. It allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior t...

9.8 CVSS · 8.6 AI score · 0.00824 EPSS
Exploits 0 · References 3
CNNVD
added 2022/10/14 12:00 a.m. · 6 views

GoCD security vulnerability

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control failure and incorrect authentication of agent tokens in the GoCD server to...

6.5 CVSS · 6.6 AI score · 0.00615 EPSS
Exploits 0 · References 4
OSV
added 2022/07/28 12:00 a.m. · 11 views

GHSA-V878-67XW-GRW2 Lack of authentication mechanism in Jenkins Git Plugin webhook

Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...

6.5 CVSS · 7 AI score · 0.05454 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/07/27 12:00 a.m. · 4 views

PT-2022-4996 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.3 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to insufficient authentication of requests. This allows attackers to trigger builds of jobs configured to use an...

8.8 CVSS · 8.7 AI score · 0.0058 EPSS
Exploits 0 · References 8
OpenVAS
added 2022/06/17 12:00 a.m. · 26 views

openSUSE: Security Advisory for rubygem-actionpack-5_1, (SUSE-SU-2022:2108-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS · 6.8 AI score · 0.04808 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2022/06/17 12:00 a.m. · 65 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...

7.5 CVSS · 7.3 AI score · 0.04808 EPSS
Exploits 1 · References 7
CNVD
added 2022/06/09 12:00 a.m. · 27 views

WordPress Social Share Buttons plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...

4.3 CVSS · 2.5 AI score · 0.00396 EPSS
Exploits 0 · References 1
CNNVD
added 2022/06/07 12:00 a.m. · 2 views

Klapp App authorization issue vulnerability

Klapp App is a Cordova-based web and mobile application from Klapp, Switzerland. A security vulnerability exists in Klapp App that stems from incorrect authentication in JSON Web Token...

9.8 CVSS · 8.3 AI score · 0.01411 EPSS
Exploits 1 · References 3
CNNVD
added 2022/06/02 12:00 a.m. · 4 views

WordPress plugin Social Share Buttons cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...

4.3 CVSS · 5.4 AI score · 0.00396 EPSS
Exploits 0 · References 3
OSV
added 2022/05/24 4:55 p.m. · 30 views

GHSA-JMRX-5G74-6V2F Kubernetes client-go library logs may disclose credentials to unauthorized users

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...

6.5 CVSS · 6.1 AI score · 0.01766 EPSS
Exploits 0 · References 10
ATTACKERKB
added 2022/05/11 3:15 p.m. · 4 views

CVE-2022-1426

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed ...

4.3 CVSS · 5.7 AI score · 0.00848 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2022/05/06 5:15 p.m. · 19 views

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

7.5 CVSS · 0.00833 EPSS
Exploits 0 · References 1
OSV
added 2022/05/06 5:15 p.m. · 2 views

CVE-2021-31559

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...

7.5 CVSS · 7.2 AI score · 0.00833 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/05/06 12:00 a.m. · 4 views

PT-2022-10035 · Splunk · Splunk Enterprise Indexer

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise Indexer versions 8.1 through 8.1.4; Splunk Enterprise Indexer versions 8.2 through 8.2.0. Description: A crafted request can bypass S2S TCP Token authentication, allowing arbitrary events to be written to an index. This issue...

7.5 CVSS · 7.5 AI score · 0.00833 EPSS
Exploits 0 · References 5
CNNVD
added 2022/05/05 12:00 a.m. · 3 views

Splunk Enterprise authorization issue vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructure, whether physical, virtual machines, or cloud. A...

7.5 CVSS · 7.5 AI score · 0.00833 EPSS
Exploits 0 · References 3