CVE-2023-27987 Apache Linkis gateway module token authentication bypass
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...
SUSE CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or...
imcat cross-site request forgery vulnerability
Imcat is a PHP-based open source website building system. A security vulnerability exists in version 5.4 of imcat, which stems from the presence of cross-site request forgery, which can be exploited by a remote attacker to elevate privileges through the lack of token authentication...
CVE-2022-46829
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...
CVE-2022-31689
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...
VMware Workspace ONE Assist authorization issue vulnerability
VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. It allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior t...
GoCD security vulnerability
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control failure and incorrect authentication of agent tokens in the GoCD server to...
GHSA-V878-67XW-GRW2 Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
PT-2022-4996 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Plugin versions 4.11.3 and earlier. Description: A cross-site request forgery (CSRF) vulnerability exists due to insufficient authentication of requests. This allows attackers to trigger builds of jobs configured to use an...
openSUSE: Security Advisory for rubygem-actionpack-5_1, (SUSE-SU-2022:2108-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...
WordPress Social Share Buttons plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...
Klapp App authorization issue vulnerability
Klapp App is a Cordova-based web and mobile application from Klapp, Switzerland. A security vulnerability exists in Klapp App that stems from incorrect authentication of JSON Web Tokens...
WordPress plugin Social Share Buttons cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons plugin 2.2.2 and earlier versions are vulnerable to cross-site request forgery...
GHSA-JMRX-5G74-6V2F Kubernetes client-go library logs may disclose credentials to unauthorized users
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
CVE-2022-1426
An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had some certain amount of information which allowed ...
CVE-2021-31559
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...
PT-2022-10035 · Splunk · Splunk Enterprise Indexer
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise Indexer versions 8.1 through 8.1.4; Splunk Enterprise Indexer versions 8.2 through 8.2.0. Description: A crafted request can bypass S2S TCP Token authentication, allowing arbitrary events to be written to an index. This issue...
Splunk Enterprise authorization issue vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructure, whether physical, virtual, or cloud. A...