Lucene search
K

815 matches found

Prion
Prion
added 2020/06/19 7:15 p.m.14 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

7.5CVSS9.4AI score0.01175EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/19 6:10 p.m.22 views

CVE-2017-18885

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

9.6AI score0.01175EPSS
Exploits0References1
NVD
NVD
added 2020/06/03 1:15 p.m.30 views

CVE-2020-2191

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...

4.3CVSS4.6AI score0.00656EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.4 views

PT-2020-15405 · Jenkins · Jenkins Self-Organizing Swarm Plug-In Modules Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Self-Organizing Swarm Plug-in Modules Plugin versions 3.20 and earlier Description: The issue concerns the lack of permission checks on API endpoints that allow adding and removing agent labels. This allows users with Agent/Create...

5.4CVSS4.4AI score0.00656EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2020/02/22 1:28 a.m.31 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS1.7AI score0.01412EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/19 7:55 p.m.3 views

jenkins: REST APIs vulnerable to clickjacking

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...

5.4CVSS6AI score0.0185EPSS
Exploits0References4
Prion
Prion
added 2020/01/31 1:15 p.m.14 views

Information disclosure

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5CVSS5.2AI score0.01412EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/01/31 1:15 p.m.17 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS6.8AI score0.01412EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/01/31 12:19 p.m.28 views

CVE-2020-7955

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...

5.3CVSS5.4AI score0.01412EPSS
Exploits0
Prion
Prion
added 2020/01/06 8:15 a.m.23 views

Sql injection

Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DC...

9CVSS8AI score0.46935EPSS
Exploits10References2Affected Software1
Cvelist
Cvelist
added 2019/12/31 4:53 p.m.12 views

CVE-2019-12837

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...

4.6AI score0.01105EPSS
Exploits1References1
NVD
NVD
added 2019/11/21 3:15 p.m.38 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3CVSS4.3AI score0.00691EPSS
Exploits0References2
OSV
OSV
added 2019/11/21 3:15 p.m.17 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3CVSS6.2AI score
Exploits0References2
Prion
Prion
added 2019/11/21 3:15 p.m.26 views

Design/Logic Flaw

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4CVSS4.2AI score0.00691EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/21 2:11 p.m.41 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3AI score0.00691EPSS
Exploits0References2
CVE
CVE
added 2019/11/21 2:11 p.m.80 views

CVE-2019-16547

CVE-2019-16547 affects the Jenkins Google Compute Engine Plugin (versions up to 4.1.1). The issue is missing permission checks on several API endpoints, allowing users with Overall/Read to obtain limited information about the plugin configuration and environment. In practice, the impact is inform...

4.3CVSS4.2AI score0.00691EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2019/11/21 2:11 p.m.34 views

CVE-2019-16547

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...

4.3CVSS4.2AI score0.00691EPSS
Exploits0References2
Wallarm Lab
Wallarm Lab
added 2019/10/10 8:14 p.m.10 views

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

1.5AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2019/10/10 8:14 p.m.11 views

Frenemy at the Gates: The Breaching

Online businesses have to be careful. It’s a dangerous world, full of anonymous people and services wearing digital skins. It sounds horrific because it is. On the other side of a transaction, could be anyone. Extra measures have to be made to secure web interfaces and API endpoints that online...

1.5AI score
Exploits0
UbuntuCve
UbuntuCve
added 2019/09/09 7:15 p.m.26 views

CVE-2019-11605

An issue was discovered in GitLab Community and Enterprise Edition 11.8.x before 11.8.10, 11.9.x before 11.9.11, and 11.10.x before 11.10.3. It allows Information Disclosure. A small number of GitLab API endpoints would disclose project information when using a readuser scoped token...

7.5CVSS7.1AI score0.01163EPSS
Exploits0References2
Rows per page
Query Builder