
346 matches found

Cvelist
added 2021/05/17 4:52 p.m. · 20 views

CVE-2020-13667

Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...

6.1 AI score · 0.00144 EPSS
Exploits: 0 · References: 1

CVE
added 2021/05/17 4:52 p.m. · 136 views

CVE-2020-13667

CVE-2020-13667 describes an access-bypass vulnerability in the Drupal Core Workspaces module where permission checks fail when switching workspaces. Affected are Drupal Core 8.8.x before 8.8.10, 8.9.x before 8.9.6, and 9.0.x before 9.0.6. Attackers could view content without correct permissions; ...

5.3 CVSS · 5.3 AI score · 0.00144 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2021/05/13 12:15 a.m. · 9 views

CVE-2021-22155

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server deployed with Appliance-X versions 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account...

8.8 CVSS · 0.00374 EPSS
Exploits: 0 · References: 1

OSV
added 2021/05/13 12:15 a.m. · 0 views

CVE-2021-22155

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server deployed with Appliance-X versions 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1

Prion
added 2021/05/13 12:15 a.m. · 14 views

Authentication flaw

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server deployed with Appliance-X versions 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account...

6.5 CVSS · 8.7 AI score · 0.00374 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/05/12 11:1 p.m. · 70 views

CVE-2021-22155

The CVE-2021-22155 entry applies to BlackBerry Workspaces Server (Appliance-X deployed) and concerns an Authentication Bypass in the SAML Authentication component for versions 10.1, 9.1 and earlier. The vulnerability could allow an attacker to gain access to the application in the context of the ...

8.8 CVSS · 8.6 AI score · 0.00374 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/05/12 11:1 p.m. · 10 views

CVE-2021-22155

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server deployed with Appliance-X versions 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account...

8.9 AI score · 0.00374 EPSS
Exploits: 0 · References: 1

CNNVD
added 2021/05/12 12:0 a.m. · 1 views

Blackberry Workspaces Server security vulnerability

Blackberry Workspaces Server is an enterprise-grade content collaboration platform from Blackberry of Canandaigua, Inc. A security vulnerability exists in BlackBerry Workspaces Server. It is possible for an attacker to gain access to the application in the context of the target...

8.8 CVSS · 7.9 AI score · 0.00374 EPSS
Exploits: 0 · References: 2

Prion
added 2021/03/22 7:15 a.m. · 5 views

Code injection

UNSUPPORTED WHEN ASSIGNED: The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintaine...

6.8 CVSS · 8.8 AI score · 0.00512 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2021/03/04 5:30 a.m. · 23 views

Race Condition

Jenkins is vulnerable to a race condition. The vulnerability exists due to missing validation between time-of-check and time-of-use, which allows an attacker to read arbitrary files using the file browser for workspaces and archived artifacts...

5.3 CVSS · 7 AI score · 0.00375 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

RedHat Linux
added 2021/03/03 4:19 a.m. · 1 views

jenkins: Filesystem traversal by privileged users

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...

5.3 CVSS · 5.9 AI score · 0.00375 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2021/02/17 7:6 p.m. · 2 views

jenkins: Filesystem traversal by privileged users

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...

5.3 CVSS · 5.9 AI score · 0.00375 EPSS
Exploits: 0 · References: 5

RedhatCVE
added 2021/02/04 2:54 p.m. · 38 views

CVE-2021-21602

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks...

6.5 CVSS · 2.7 AI score · 0.01671 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2021/01/27 9:56 p.m. · 30 views

CVE-2021-21615

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...

5.3 CVSS · 3.3 AI score · 0.00375 EPSS
Exploits: 0 · References: 4

AlpineLinux
added 2021/01/26 10:55 a.m. · 47 views

CVE-2021-21615

Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition...

5.3 CVSS · 5.6 AI score · 0.00375 EPSS
Exploits: 0

Positive Technologies
added 2021/01/13 12:0 a.m. · 1 views

PT-2021-14645 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier. Description: The issue allows attackers to read arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. This is possible because...

6.5 CVSS · 4.8 AI score · 0.01671 EPSS
Exploits: 0 · References: 10

NVD
added 2020/12/14 9:15 p.m. · 9 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Thei...

7.1 CVSS · 7 AI score · 0.00094 EPSS
Exploits: 1 · References: 1

OSV
added 2020/12/14 9:15 p.m. · 8 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Thei...

7.1 CVSS · 6.9 AI score
Exploits: 0 · References: 1

Prion
added 2020/12/14 9:15 p.m. · 10 views

Cross-site request forgery (CSRF)

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Thei...

4.6 CVSS · 7 AI score · 0.00094 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2020/12/14 8:5 p.m. · 20 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery (CSRF) and consequently allowing a cross-site WebSocket hijack on Thei...

7.1 AI score · 0.00094 EPSS
Exploits: 1 · References: 1