3 matches found
CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...
CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...
PT-2022-13946 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab CE/EE versions 13.2 through 14.8.5 Gitlab CE/EE versions 14.9 through 14.9.3 Gitlab CE/EE versions 14.10 through 14.10.0 Description: The issue allows disclosure of details of confidential notes created via the API if an unauthorized...