CVE-2023-4815 Missing Authentication for Critical Function in answerdev/answer

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3...

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier

Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...

Chatbot < 4.7.8 - Admin+ Stored XSS in FAQ Builder

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Navigate to "WPBot Lite - Setting -...

GHSA-J63X-F657-2M9G Answer has Weak Password Requirements

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...

GHSA-V9VC-7X69-C2X8 Answer Missing Authorization vulnerability

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...

CVE-2023-4124

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...

CVE-2023-4126

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...

CVE-2023-4127

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...

CVE-2023-4127 Race Condition within a Thread in answerdev/answer

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...

CVE-2023-4127 Race Condition within a Thread in answerdev/answer

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1...

CVE-2023-4126 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...

CVE-2023-4126 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...

CVE-2023-4126 Insufficient Session Expiration in answerdev/answer

Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0...

CVE-2023-4125 Weak Password Requirements in answerdev/answer

Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0...

CVE-2023-4124 Missing Authorization in answerdev/answer

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1...

answer Security breach

answer is an open source knowledge-based community software. A security vulnerability exists in answerdev/answer versions prior to 1.1.1, which stems from a conditional contention issue in threads...

PT-2023-27880 · Answer · Answer

Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.1.1 Description: The issue is related to a race condition within a thread. This condition can occur in the GitHub repository answerdev/answer. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or...

PT-2023-27863 · Answer +3 · Answer +2

Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.1.1 Description: The issue concerns a Missing Authorization vulnerability. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue...

answer Code Issue Vulnerability

answer is an open source knowledge-based community software. A code issue vulnerability exists in answerdev/answer versions prior to 1.1.0 that stems from a session expiration insufficiency issue that allows an attacker to reuse old session credentials or IDs for authorization...

PT-2023-27873 · Answer +3 · Answer +2

Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.1.0 Description: The issue concerns insufficient session expiration. Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue...