35 matches found
SUSE CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Authentication flaw
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
CVE-2023-24030
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...
CVE-2023-1136 CVE-2023-1136
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...
CVE-2022-46829
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented...
PT-2022-5626 · Vmware · Vmware Workspace One Assist
Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Assist versions prior to 22.10 Description: The issue is related to a session fixation problem, where a malicious actor who obtains a valid session token may be able to authenticate to the application using that token. Th...
Improper access control
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
CVE-2021-27306
An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT...
pcs: Debug parameter removal bypass, allowing information disclosure
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
Privilege escalation
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
UBUNTU-CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
pcs: Debug parameter removal bypass, allowing information disclosure
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
phpMyAdmin -- self XSS in central columns feature
The phpMyAdmin team reports: Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigation factor A valid token must be...
Self XSS in central columns feature
PMASA-2018-1 Announcement-ID: PMASA-2018-1 Date: 2018-02-20 Summary Self XSS in central columns feature Description A self-cross site scripting XSS vulnerability has been reported relating to the central columns feature. Severity We consider this vulnerability to be of moderate severity. Mitigati...