Lucene search

5 matches found

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-0940

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.8, EPSS 0.01876
Exploits 0, References 4

Github Security Blog
added 2022/02/10 11:4 p.m., 60 views

Server-Side Request Forgery in Karaf

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

CVSS 6.5, AI score 2.7, EPSS 0.01876
Exploits 0, References 4, Affected Software 1

OSV
added 2020/06/12 10:15 p.m., 25 views

CVE-2020-11980

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

CVSS 6.3, AI score 7.1, EPSS 0.01876
Exploits 0, References 1

Prion
added 2020/06/12 10:15 p.m., 15 views

Privilege escalation

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

CVSS 6.5, AI score 6.6, EPSS 0.01876
Exploits 0, References 1, Affected Software 1

CVE
added 2020/06/12 9:55 p.m., 103 views

CVE-2020-11980

CVE-2020-11980 affects Apache Karaf JMX where JAAS-based authentication and ACL-based authorization allow a non-admin with a viewer role to call get* via etc/jmx.acl.cfg, potentially triggering getMBeansFromURL to fetch MBeans remotely and register them, enabling SSRF-like behavior and MBean regi...

CVSS 6.5, AI score 6.3, EPSS 0.01876
Exploits 0, References 1, Affected Software 1