8 matches found
GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...
EUVD-2023-2989
Malicious code in bioql PyPI...
CVE-2023-47865
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...
Joomla! 安全漏洞
Joomla! is a free, open source content management system from Joomla! open source. A security vulnerability exists in Joomla! versions 4.0.0 through 4.4.6 and 5.0.0 through 5.1.2, which stems from the presence of improper access control that allows a back-end user to override his or her username...
CVE-2023-47865
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...
CVE-2023-47865 Username and Icon override can be used by members when Hardened Mode is enabled
Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...
PT-2023-30649 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue arises from Mattermost's failure to check if hardened mode is enabled when overriding the username and/or the icon when posting. If settings allow integrations to override the...
BoreD Agent 安全漏洞
BoreD Agent is an open source agent for the BoreD tunneling daemon from the US-based Lens team. A security vulnerability exists in BoreD Agent versions prior to v0.6.1, which stems from an inability to clear incoming kubernetes emulation headers, which can be exploited by an attacker to override...