3500 matches found

OSV
added 2024/07/23 4:59 p.m. · 2 views

CVE-2024-41664 Blind SSRF via Canarytoken Webhook

Canarytokens help track activity and actions on a network. Prior to sha-8ea5315, Canarytokens.org was vulnerable to a blind SSRF in the Webhook alert feature. When a Canarytoken is created, users choose to receive alerts either via email or via a webhook. If a webhook is supplied when a Canarytok...

CVSS 5.4 · AI score 7.1 · EPSS 0.00381
Exploits 0 · References 1
CNNVD
added 2024/07/23 12:00 a.m. · 1 view

Canarytokens Security Vulnerability

Canarytokens is an open source web activity tracking system from Thinkst Applied Research. A security vulnerability exists in Canarytokens that stems from a server-side request forgery vulnerability that was discovered in the Webhook alert feature...

CVSS 5.4 · AI score 6.8 · EPSS 0.00381
Exploits 0 · References 2
Positive Technologies
added 2024/07/23 12:00 a.m. · 2 views

PT-2024-29493 · Unknown · Canarytokens

Name of the Vulnerable Software and Affected Versions: Canarytokens versions prior to sha-8ea5315 Description: Canarytokens help track activity and actions on a network. The Webhook alert feature in Canarytokens.org was vulnerable to a blind Server-Side Request Forgery (SSRF) prior to sha-8ea5315...

CVSS 5.4 · AI score 7.3 · EPSS 0.00381
Exploits 0 · References 4
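The three Canarytokens entries above describe the same bug class: a webhook URL supplied by the token owner is fetched by the server without checking where it points, so the alert feature becomes a blind SSRF primitive. The Go program below is an added example of the outbound-URL check that closes that class; it is not Canarytokens' code (the project is written in Python and its actual fix is not reproduced here). The hostnames and the canned resolver table are constructed so it runs offline; a real deployment would pass net.LookupIP.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver abstracts DNS lookup so the check can run offline against a canned
// resolver; production callers pass net.LookupIP.
type Resolver func(host string) ([]net.IP, error)

// isBlockedIP reports whether an address must never be a webhook target:
// loopback, RFC 1918 / ULA private ranges, link-local (which covers the
// 169.254.169.254 cloud metadata service), unspecified and multicast.
func isBlockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsUnspecified() || ip.IsMulticast()
}

// ValidateWebhookURL accepts only absolute http(s) URLs without embedded
// credentials whose host resolves exclusively to public addresses. It returns
// the vetted IPs so the caller can dial one of them directly (setting the Host
// header itself) instead of resolving the name a second time, which would
// reopen a DNS-rebinding window between check and use.
func ValidateWebhookURL(raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials embedded in URL are not allowed")
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	if host == "" {
		return nil, errors.New("missing host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address (incl. IPv4-mapped IPv6), no lookup needed
	} else {
		if ips, err = resolve(host); err != nil {
			return nil, fmt.Errorf("resolve %q: %w", host, err)
		}
		if len(ips) == 0 {
			return nil, fmt.Errorf("%q resolved to no addresses", host)
		}
	}
	// Every record must be public: an attacker-controlled name can answer with
	// one public and one private address and rely on the client using the latter.
	for _, ip := range ips {
		if isBlockedIP(ip) {
			return nil, fmt.Errorf("%q resolves to disallowed address %s", host, ip)
		}
	}
	return ips, nil
}

// fakeResolver is a canned lookup table for offline use (constructed data).
func fakeResolver(host string) ([]net.IP, error) {
	switch host {
	case "hooks.example.com":
		return []net.IP{net.ParseIP("203.0.113.10")}, nil
	case "mixed.example.com": // public and private record in one answer
		return []net.IP{net.ParseIP("203.0.113.11"), net.ParseIP("10.0.0.5")}, nil
	}
	return nil, fmt.Errorf("no such host: %s", host)
}

func main() {
	for _, raw := range []string{
		"https://hooks.example.com/alert",
		"http://127.0.0.1:8000/",
		"http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:10.0.0.1]/",
		"http://mixed.example.com/",
		"ftp://hooks.example.com/",
	} {
		ips, err := ValidateWebhookURL(raw, fakeResolver)
		fmt.Printf("%-45s ips=%v err=%v\n", raw, ips, err)
	}
}
```

The check deliberately rejects a name as soon as any of its records is private, and it returns the resolved addresses rather than the validated string: validating the URL and then letting an HTTP client resolve the name again is the classic DNS-rebinding gap. Redirects need the same treatment, so the client used for delivery should either refuse to follow them or re-run this check on every hop.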
Vulnrichment
added 2024/07/22 5:22 p.m. · 37 views

CVE-2024-40634 Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...

CVSS 7.5 · AI score 6.9 · EPSS 0.01392
Exploits 1 · References 4
Cvelist
added 2024/07/22 5:22 p.m. · 40 views

CVE-2024-40634 Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to...

CVSS 7.5 · EPSS 0.01392
Exploits 1 · References 4
OSV
added 2024/07/22 5:20 p.m. · 24 views

GHSA-JMVP-698C-4X3W Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Summary This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue...

CVSS 8.7 · AI score 7.4 · EPSS 0.01392
Exploits 1 · References 7
Github Security Blog
added 2024/07/22 5:20 p.m. · 23 views

Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint

Summary This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue...

CVSS 7.5 · AI score 6.8 · EPSS 0.01392
Exploits 1 · References 7 · Affected software 2
Positive Technologies
added 2024/07/22 12:00 a.m. · 2 views

PT-2024-5127 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.6 Argo CD versions prior to 2.10.15 Argo CD versions prior to 2.9.20 Description: The issue is related to an unauthenticated attacker sending a specially crafted large JSON payload to the "/api/webhook" endpoint...

CVSS 8.7 · AI score 9.5 · EPSS 0.01392
Exploits 1 · References 13
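The Argo CD entries above all describe one failure mode: an unauthenticated POST to /api/webhook is read into memory in full before it is parsed, so the request body size becomes an attacker-controlled allocation and a large enough payload gets the process OOM-killed. The Go program below is an added example contrasting that pattern with a handler that bounds the body with http.MaxBytesReader (Go 1.19 or later for http.MaxBytesError). It is not Argo CD's code or its actual patch; the pushEvent shape and the 1 MiB cap are assumptions, and the payloads are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxWebhookBody is the most a git-provider push notification may carry.
// Real events are a few KiB, so 1 MiB leaves generous headroom (assumption).
const maxWebhookBody = 1 << 20

// pushEvent holds the fields a GitOps server actually needs from a webhook
// (assumed shape, not a provider's full schema).
type pushEvent struct {
	Ref        string `json:"ref"`
	Repository struct {
		URL string `json:"html_url"`
	} `json:"repository"`
}

// VulnerableWebhook buffers the entire body before parsing it, so an
// unauthenticated client decides how much memory each request allocates.
func VulnerableWebhook(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body) // no upper bound
	if err != nil {
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	var ev pushEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// HardenedWebhook caps the body with http.MaxBytesReader and streams it into
// the decoder: an oversized payload fails with 413 as soon as the cap is hit,
// and the server never holds more than maxWebhookBody bytes for the request.
func HardenedWebhook(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxWebhookBody)
	var ev pushEvent
	if err := json.NewDecoder(r.Body).Decode(&ev); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "bad json", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// BuildPayload returns a syntactically valid push event padded out to n bytes
// (constructed test input, not a captured provider payload).
func BuildPayload(n int) string {
	prefix := `{"ref":"refs/heads/main","repository":{"html_url":"https://git.example.com/r"},"pad":"`
	suffix := `"}`
	pad := n - len(prefix) - len(suffix)
	if pad < 0 {
		pad = 0
	}
	return prefix + strings.Repeat("x", pad) + suffix
}

// Post drives a handler in-process and returns the status code it produced.
func Post(h http.HandlerFunc, body string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/api/webhook", strings.NewReader(body))
	req.Header.Set("Content-Type", "application/json")
	h(rec, req)
	return rec.Code
}

func main() {
	big := BuildPayload(8 << 20)
	fmt.Println("vulnerable, 8 MiB body:", Post(VulnerableWebhook, big))
	fmt.Println("hardened,   8 MiB body:", Post(HardenedWebhook, big))
	fmt.Println("hardened,   1 KiB body:", Post(HardenedWebhook, BuildPayload(1024)))
}
```

A Content-Length check alone is not enough, since a chunked request carries none; MaxBytesReader counts bytes actually read, which is what matters. The cap belongs on every unauthenticated endpoint, and a reverse proxy limit in front of the service (for example a client body size limit) is a useful second layer, but the application should not depend on it being configured.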
Positive Technologies
added 2024/07/19 12:00 a.m. · 3 views

PT-2024-18941

Name of the Vulnerable Software and Affected Versions github.com/gotenberg/gotenberg/v8/pkg/gotenberg versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/chromium versions prior to 8.1.0 github.com/gotenberg/gotenberg/v8/pkg/modules/webhook versions prior to 8.1.0 Description Th...

CVSS 8.2 · AI score 5.9 · EPSS 0.00572
Exploits 0 · References 11
CNNVD
added 2024/07/09 12:00 a.m. · 3 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /webhooks/webhookId interface. A low-privileged attacker can exploit this vulnerability to obtain, modify, or...

CVSS 9.1 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 2
Positive Technologies
added 2024/07/09 12:00 a.m. · 5 views

PT-2024-12684 · Easyappointments +1 · Alextselegidis/Easyappointments +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A BOLA vulnerability in the "GET, PUT, DELETE /webhooks/webhookId" endpoint allows a low-privileged user to fetch, modify, or delete a webhook of any...

CVSS 9.1 · AI score 6.4 · EPSS 0.00355
Exploits 0 · References 6
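The two Easy!Appointments entries above describe a Broken Object Level Authorization (BOLA) on GET, PUT and DELETE /webhooks/webhookId: the webhook is loaded by its ID and the handler never checks that it belongs to the authenticated caller. The Go program below is an added example of the ownership check and of why both failure cases should answer 404; Easy!Appointments is a PHP application and this is not its code. The X-User-ID header standing in for the session identity, the Store map and the sample webhook are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// Webhook is a per-user resource; OwnerID is the authorization boundary.
type Webhook struct {
	ID      int    `json:"id"`
	OwnerID int    `json:"-"`
	URL     string `json:"url"`
}

// Store is an in-memory table standing in for the application's database
// (constructed for this example).
type Store map[int]*Webhook

// callerID is the authenticated user. The X-User-ID header stands in for the
// identity a real auth middleware derives from the session (assumption for
// this example); in production it must never be read from the client.
func callerID(r *http.Request) (int, bool) {
	id, err := strconv.Atoi(r.Header.Get("X-User-ID"))
	return id, err == nil
}

// webhookID parses the object ID out of /webhooks/{id}.
func webhookID(r *http.Request) (int, bool) {
	id, err := strconv.Atoi(strings.TrimPrefix(r.URL.Path, "/webhooks/"))
	return id, err == nil
}

// lookup resolves the target object. enforceOwner=false reproduces the
// vulnerable pattern: the caller is authenticated but the object is fetched by
// ID alone, so any user can act on anyone's webhook. enforceOwner=true is the
// fix; "missing" and "not yours" both map to 404 so that valid IDs cannot be
// enumerated by probing for 403 responses.
func lookup(s Store, r *http.Request, enforceOwner bool) (*Webhook, int) {
	uid, ok := callerID(r)
	if !ok {
		return nil, http.StatusUnauthorized
	}
	id, ok := webhookID(r)
	if !ok {
		return nil, http.StatusNotFound
	}
	h, ok := s[id]
	if !ok || (enforceOwner && h.OwnerID != uid) {
		return nil, http.StatusNotFound
	}
	return h, http.StatusOK
}

// Handler serves GET, PUT and DELETE on /webhooks/{id}.
func Handler(s Store, enforceOwner bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		h, code := lookup(s, r, enforceOwner)
		if code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		switch r.Method {
		case http.MethodGet:
			json.NewEncoder(w).Encode(h)
		case http.MethodPut:
			var in struct {
				URL string `json:"url"`
			}
			if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
				http.Error(w, "bad json", http.StatusBadRequest)
				return
			}
			h.URL = in.URL
			w.WriteHeader(http.StatusNoContent)
		case http.MethodDelete:
			delete(s, h.ID)
			w.WriteHeader(http.StatusNoContent)
		default:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		}
	}
}

// Call drives a handler in-process as user uid and returns the status code.
func Call(h http.HandlerFunc, method, path string, uid int, body string) int {
	req := httptest.NewRequest(method, path, strings.NewReader(body))
	req.Header.Set("X-User-ID", strconv.Itoa(uid))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	s := Store{1: {ID: 1, OwnerID: 7, URL: "https://hooks.example.com/a"}}
	for _, enforce := range []bool{false, true} {
		code := Call(Handler(s, enforce), http.MethodGet, "/webhooks/1", 9, "")
		fmt.Printf("enforceOwner=%v: user 9 GET /webhooks/1 -> %d\n", enforce, code)
	}
}
```

The point of running the check in lookup rather than per method is that GET, PUT and DELETE all share one authorization decision; a fix that only covers the read path leaves the write paths open, which is the GET/PUT/DELETE triple the advisory names. In a database-backed store the equivalent is to filter on both id and owner_id in the query itself.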
Veracode
added 2024/07/04 11:10 a.m. · 11 views

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability is due to a failure to properly sanitize the recipients of a webhook event, allowing attackers monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 5.3 · AI score 7 · EPSS 0.00345
Exploits 0 · References 4 · Affected software 1
Wordfence Blog
added 2024/07/03 3:31 p.m. · 111 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the rest...

CVSS 10 · AI score 9.4 · EPSS 0.11755
Exploits 12
OSV
added 2024/07/03 9:15 a.m. · 10 views

CVE-2024-39807

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 1
NVD
added 2024/07/03 9:15 a.m. · 14 views

CVE-2024-39807

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 5.3 · EPSS 0.00345
Exploits 0 · References 1
Vulnrichment
added 2024/07/03 8:31 a.m. · 16 views

CVE-2024-39807 Channel IDs of archived/restored channels leaked via webhook events

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 3.1 · AI score 6.8 · EPSS 0.00345
Exploits 0 · References 1
CVE
added 2024/07/03 8:31 a.m. · 54 views

CVE-2024-39807

Mattermost Mattermost-server is affected by CVE-2024-39807 in versions 9.5.x (≤ 9.5.5) and 9.8.0, due to improper sanitization of webhook event recipients. This can enable an attacker monitoring webhook events to retrieve channel IDs of archived or restored channels, constituting information disc...

CVSS 5.3 · AI score 4.5 · EPSS 0.00345
Exploits 0 · References 1 · Affected software 1
Cvelist
added 2024/07/03 8:31 a.m. · 19 views

CVE-2024-39807 Channel IDs of archived/restored channels leaked via webhook events

Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels...

CVSS 3.1 · EPSS 0.00345
Exploits 0 · References 1
Positive Technologies
added 2024/07/03 12:00 a.m. · 4 views

PT-2024-28677 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.5 Mattermost version 9.8.0 Description: The issue arises from the improper sanitization of recipients of a webhook event, allowing an attacker who is monitoring these events to obtain the channel IDs of...

CVSS 5.3 · AI score 7.1 · EPSS 0.00345
Exploits 0 · References 3
CNNVD
added 2024/07/03 12:00 a.m. · 2 views

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.5 and 9.8.0, which stems from a failure to properly clean up the recipients of a webhook event, which allows an attacker to...

CVSS 5.3 · AI score 6.7 · EPSS 0.00345
Exploits 0 · References 2