CVE-2022-31883

Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...

PT-2021-22447 · Ghost · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost versions 4.0.0 through 4.9.4 Description: An error in the implementation of the limits service allows all authenticated users, including contributors, to view admin-level API keys via the "integrations API endpoint", leading to a...