Lucene search
K

65 matches found

OSV
OSV
added 2024/10/31 12:30 a.m.15 views

GHSA-CHGM-7R52-WHJJ Hashicorp Consul Path Traversal vulnerability

A vulnerability was identified in Consul and Consul Enterprise "Consul" such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.6CVSS6.5AI score0.00725EPSS
Exploits0References7
NVD
NVD
added 2024/10/30 10:15 p.m.42 views

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS0.00725EPSS
Exploits0References2
OSV
OSV
added 2024/10/30 10:15 p.m.4 views

DEBIAN-CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

5.8CVSS7.6AI score0.00725EPSS
Exploits0References1
OSV
OSV
added 2024/10/30 9:19 p.m.17 views

CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS7.1AI score0.00725EPSS
Exploits0References5
CVE
CVE
added 2024/10/30 9:19 p.m.152 views

CVE-2024-10005

CVE-2024-10005 affects Consul and Consul Enterprise. The issue arises from using URL paths in L7 traffic intentions, allowing bypass of HTTP request path-based access rules. Evidence from multiple sources (NVD entry and industry advisories) confirms the vulnerability in Consul’s URL path handling...

8.1CVSS6.6AI score0.00725EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/10/30 9:19 p.m.16 views

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...

8.1CVSS7.6AI score0.00725EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2024-8623 · Hashicorp +4 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1 Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...

9.9CVSS6.3AI score0.97781EPSS
Exploits21References120
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.209 views

JBoss Status Servlet Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...

5CVSS6.9AI score0.53728EPSS
Exploits9
Cvelist
Cvelist
added 2023/10/22 12:0 a.m.20 views

CVE-2023-46321

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...

9.8AI score0.00656EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/08/15 3:6 a.m.3 views

SUSE CVE-2023-40274

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handlerequest function, used by the server to process HTTP requests, does not account for sequences of special path control...

7.5CVSS7AI score0.00921EPSS
Exploits1References3
NVD
NVD
added 2023/06/06 8:15 p.m.27 views

CVE-2023-34409

In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...

9.8CVSS9.4AI score0.01278EPSS
Exploits0References1
Prion
Prion
added 2023/02/08 7:15 p.m.16 views

Code injection

IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210...

6.5CVSS8.1AI score0.00532EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 11:19 a.m.16 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for user privilege escalation

Summary IBM Cloud Pak for Multicloud Management Monitoring has patched for users without admin roles. Non-admin user should not access to admin functions by specifying direct URL paths. Vulnerability Details IBM X-Force ID: 238210 DESCRIPTION: IBM Cloud Pak for Multicloud Management Monitoring...

6.6AI score
Exploits0Affected Software1
Veracode
Veracode
added 2023/01/26 3:36 a.m.15 views

Privilege Escalation

cakephp/cakephp is vulnerable to Privilege Escalation. A remote attacker is able to directly access prefixed actions without setting the correct request parameters due to unconventional URL paths, which allows an attacker to elevate privileges when the authorization depends on the presence of the...

6.7AI score
Exploits0
0day.today
0day.today
added 2023/01/26 12:0 a.m.357 views

Secure Web Gateway 10.2.11 Cross Site Scripting Vulnerability

Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure We...

6.1CVSS6.2AI score0.0189EPSS
Exploits4
OSV
OSV
added 2023/01/20 11:34 p.m.13 views

GHSA-6HG4-VP5Q-47MW CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...

7.1AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/01/20 11:34 p.m.15 views

CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters...

5.2AI score
Exploits0References7Affected Software1
NVD
NVD
added 2023/01/18 11:15 a.m.40 views

CVE-2023-0214

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...

6.1CVSS6AI score0.0189EPSS
Exploits4References1
Cvelist
Cvelist
added 2023/01/18 10:49 a.m.36 views

CVE-2023-0214 XSS in Skyhigh Security SWG

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...

6.1CVSS6.2AI score0.0189EPSS
Exploits4References1
Veracode
Veracode
added 2022/08/02 9:27 a.m.19 views

Directory Traversal

sanic is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of URL paths in the handler function allowing an attacker to access lateral directories when using app.static if using encoded %2F URLs...

8.3CVSS7.1AI score0.00919EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder