2 matches found
GHSA-4G9C-3X4P-MFPP Spring gRPC SecurityContext leaks across requests upon authorization failure
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...
PT-2019-16973 · Ibm · Ibm Security Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Information Queue ISIQ versions 1.0.0 through 1.0.2 Description: The issue allows web pages to be stored locally, which can then be read by another user on the system. Recommendations: For versions 1.0.0 through 1.0.2, consider...