OliveTin doesn't check view permission when returning dashboards
Summary: An authorization flaw in OliveTin allows authenticated users with the `view: false` permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (`exec`) may be correctly denied, the backend does not enforce IsAllowedView when constructing dashboard and...
UBUNTU-CVE-2018-1000211
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry...
CVE-2017-9803
CVE-2017-9803 affects Apache Solr's Kerberos plugin, where delegation tokens can enable reuse of an end-user's authentication. The documented issues include leakage of security configuration to non-super users and potential privilege escalation by malicious users when using a SecurityAwareZkACLPr...