CVE-2022-38367

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

CVE-2022-38367

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

Authorization

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

CVE-2022-38367

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

CVE-2022-38367

CVE-2022-38367 affects the Netic User Export add-on for Atlassian Jira (pre-2.0.6). The root cause is missing authorization checks on the affected endpoint, enabling an unauthenticated user to export all Jira users via an HTTP request. Impact is explicit in the sources: potential exposure of user...

Atlassian Jira 安全漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage various types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira versions prior to 2.0.6 that stems from the Netic User Export plugi...

PT-2022-24389 · Atlassian · Netic User Export +1

Name of the Vulnerable Software and Affected Versions: Netic User Export add-on for Atlassian Jira versions prior to 2.0.6 Description: The issue is related to the lack of authorization checks in the Netic User Export add-on. This might allow an unauthenticated user to export all users from Jira ...

PT-2022-16875 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...

Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure

The plugin does not have any proper access controls when exporting users from a gallery, which could allow any authenticated users such as subscriber to list all users from the blog, disclosing their username and email address PoC POST...

DRUPAL-CONTRIB-2021-002

The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file. The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the manage members permission to be able to export all data from a...

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2021-002

The Social User Export module enables users within Open Social to create an export of users and download this to a CSV file. The module doesn't sufficiently check access when building the CSV file, allowing logged-in users without the manage members permission to be able to export all data from a...

Fedora 30 : phpMyAdmin (2019-8f55b515f1)

Upstream announcement : phpMyAdmin 4.9.2 is released 2019-11-22 Welcome to phpMyAdmin 4.9.2, a bugfix release that also contains a security fix. This security fix is part of an ongoing effort to improve the security of the Designer feature and is designated PMASA-2019-5. There is also an...