
5 matches found

RedhatCVE
added 2025/11/20 9:37 p.m., 5 views

CVE-2025-65031

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

CVSS 6.5 | AI score 6.8 | EPSS 0.00221
Exploits: 1 | References: 1
Vulnrichment
added 2025/11/19 5:25 p.m., 3 views

CVE-2025-65031 Rallly Improper Authorization in Comment Endpoint Allows User Impersonation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

CVSS 6.5 | AI score 6.4 | EPSS 0.00221
Exploits: 1 | References: 2
CVE
added 2025/11/19 5:25 p.m., 9 views

CVE-2025-65031

CVE-2025-65031 affects Rallly versions prior to 4.5.4. A flaw in the comment creation endpoint allows an authenticated user to impersonate arbitrary users by altering the authorName field in the API request, potentially attributing comments to administrators or other privileged accounts and enabl...

CVSS 6.5 | AI score 6.4 | EPSS 0.00221
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/19 5:25 p.m., 9 views

CVE-2025-65031 Rallly Improper Authorization in Comment Endpoint Allows User Impersonation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an improper authorization flaw in the comment creation endpoint allows authenticated users to impersonate any other user by altering the authorName field in the API request. This enables attackers to post comments...

CVSS 6.5 | EPSS 0.00221
Exploits: 1 | References: 2
OSSF Malicious Packages
added 2024/07/11 2:29 a.m., 3 views

Malicious code in sap-authorname (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 49f6a7dcc6ffdad141171d897bd68b41d79e097dbbfc7e91edce937aa5d5444d The OpenSSF Package Analysis project identified 'sap-authorname' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

AI score 7.1
Exploits: 0