1888 matches found

Prion
added 2022/04/12 5:15 p.m., 26 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 6, AI score 8.8, EPSS 0.02322
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2022/04/12 5:15 p.m., 79 views

CVE-2022-24812

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 8.8, AI score 1.9, EPSS 0.02322
Exploits 0
Cvelist
added 2022/04/12 5:00 p.m., 26 views

CVE-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 8, AI score 9.1, EPSS 0.02322
Exploits 0, References 4
Vulnrichment
added 2022/04/12 5:00 p.m., 6 views

CVE-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 8, AI score 8.8, EPSS 0.02322
Exploits 0, References 4
CVE
added 2022/04/12 5:00 p.m., 129 views

CVE-2022-24812

Grafana Enterprise FGAC API Key privilege escalation (CVE-2022-24812): when fine-grained access control is enabled and multiple API Keys exist in an organization, the API key permissions are cached for 30 seconds using a stale cache ID, causing subsequent requests to inherit previous admin permis...

CVSS 8.8, AI score 8.3, EPSS 0.02322
Exploits 0, References 4, Affected Software 1
OSV
added 2022/04/12 5:00 p.m., 29 views

CVE-2022-24812 FGAC API Key privilege escalation in Grafana

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 8, AI score 9.2, EPSS 0.02322
Exploits 0, References 6
0day.today
added 2022/04/01 12:00 a.m., 256 views

WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin uleak-security-dashboard 1.2.3 - Stored Cross-Site Scripting Authenticated Date: 31-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/uleak-security-dashboard/ Version: 1.2.3 Tested on: Firefox Contact me: h at...

AI score 7.4
Exploits 0
WPVulnDB
added 2022/03/30 12:00 a.m., 15 views

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed PoC Put the following payload in the API Key settings of the plugin: 'alert/XSS/...

CVSS 4.8, AI score 1.5, EPSS 0.00955
Exploits 2, References 1, Affected Software 1
WPVulnDB
added 2022/03/30 12:00 a.m., 19 views

Use Any Font < 6.2.1 - API Key Deactivation via CSRF

The plugin does not have CSRF check in place when deactivating its API key, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVSS 5.4, AI score 4.9, EPSS 0.00374
Exploits 0, Affected Software 1
wpexploit
added 2022/03/30 12:00 a.m., 105 views

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed Put the following payload in the API Key settings of the plugin: 'alert/XSS/ The XSS will be...

CVSS 4.8, AI score 4.8, EPSS 0.00955
Exploits 2, References 1
wpexploit
added 2022/03/28 12:00 a.m., 133 views

SearchIQ < 3.9 - Unauthenticated Stored XSS

The plugin contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siqajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter Once the plugin is configur...

CVSS 6.1, AI score 0.8, EPSS 0.00837
Exploits 2
Kitploit
added 2022/03/10 8:30 p.m., 24 views

ASSAMEE - Free Advance Encryptor For Anon Cloud

ASSAMEE is a free Advance encryptor for Anonfiles. It uses an advanced encryption method to encrypt the directory with AES-256. The data will store on anonfiles.com in an encrypted format. The ASSAMEE requires a download ID to download and decrypt the data from Anonfiles. Downloading encrypted da...

AI score 7.2
Exploits 0, References 1
Metasploit
added 2022/03/07 5:42 p.m., 642 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote Lua code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

CVSS 9.8, AI score 8.4, EPSS 0.96182
Exploits 18
ATTACKERKB
added 2022/02/25 3:15 p.m., 5 views

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions...

CVSS 7.5, AI score 7.1, EPSS 0.00924
Exploits 0, References 3
NVD
added 2022/02/25 3:15 p.m., 23 views

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions...

CVSS 7.5, EPSS 0.00924
Exploits 0, References 2
Prion
added 2022/02/25 3:15 p.m., 19 views

Code injection

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions...

CVSS 5, AI score 7.5, EPSS 0.00924
Exploits 0, References 2, Affected Software 1
CVE
added 2022/02/25 2:34 p.m., 678 views

CVE-2022-24327

Summary: CVE-2022-24327 affects JetBrains Hub prior to 2021.1.13890, where the JetBrains Account integration exposed an API key with excessive permissions. The vulnerability stems from improper access controls during account integration, enabling an attacker who could exploit the exposed key to a...

CVSS 7.5, AI score 7.5, EPSS 0.00924
Exploits 0, References 2, Affected Software 1
Cvelist
added 2022/02/25 2:34 p.m., 25 views

CVE-2022-24327

In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions...

AI score 8.2, EPSS 0.00924
Exploits 0, References 2
WPVulnDB
added 2022/02/21 12:00 a.m., 19 views

Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...

CVSS 4.8, AI score 2.8, EPSS 0.00612
Exploits 2, Affected Software 1
wpexploit
added 2022/02/21 12:00 a.m., 130 views

Petfinder Listings < 1.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of the text field settings of the plugin such as 'Your Petfinder API Key v1.0': "...

CVSS 4.8, AI score 0.8, EPSS 0.00612
Exploits 2