3 matches found

OSV
added 2026/04/16 10:48 p.m., 5 views

GHSA-P7MM-R948-4Q3Q Paperclip: Approval decision attribution spoofing via client-controlled `decidedByUserId` in paperclip server

Summary: The approval-resolution endpoints POST /approvals/:id/approve, /reject, /request-revision accept a client-supplied decidedByUserId field in the request body and write it verbatim into the authoritative approvals.decidedByUserId column — without cross-checking it against the authenticated...

CVSS 4.3, AI score 6.1
Exploits: 0, References: 2
Vulnrichment
added 2025/03/04 6:49 p.m., 5 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3, AI score 6.4, EPSS 0.00301
Exploits: 0, References: 3
Cvelist
added 2025/03/04 6:49 p.m., 14 views

CVE-2025-1969 Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Improper request input validation in Temporary Elevated Access Management TEAM for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3, EPSS 0.00301
Exploits: 0, References: 3