
5 matches found

Huntr
added 2023/07/01 2:48 p.m., 22 views

attackers with role "USER" can create tags

Description: It seems that users with role "USER" have no permission to create tags, but we do not enforce it. Other operations, like edit and delete, have no problem. Proof of Concept: pull the latest docker and setup answer 1. create a user with name "normaluser", whose role is "USER" 2. admin...

4 CVSS | 6.7 AI score | 0.00181 EPSS
Exploits: 1
Tenable Nessus
added 2019/02/01 12:0 a.m., 221 views

RHEL 7 : polkit (RHSA-2019:0230)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0230 advisory. The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privilege...

6.7 CVSS | 6.9 AI score | 0.00026 EPSS
Exploits: 0 | References: 4
OSV
added 2013/04/08 5:55 p.m., 7 views

CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...

6.3 AI score
Exploits: 0 | References: 17
CVE
added 2013/04/08 5:0 p.m., 78 views

CVE-2013-2776

CVE-2013-2776 affects sudo versions 1.3.5–1.7.10p5 and 1.8.0–1.8.6p6, where, on systems without /proc or with tty_tickets enabled, sudo fails to properly validate the controlling terminal. This allows a local user with sudo permissions to hijack another user’s authorization by interacting with th...

4.4 CVSS | 8.1 AI score | 0.00076 EPSS
Exploits: 0 | References: 17 | Affected Software: 1
CVE
added 2013/04/08 5:0 p.m., 70 views

CVE-2013-2777

CVE-2013-2777 affects sudo before 1.7.10p5 and 1.8.x before 1.8.6p6 when tty_tickets is enabled. The flaw is improper validation of the controlling terminal device, allowing a local user with sudo privileges to hijack the authorization of another terminal by interacting with the session without a...

4.4 CVSS | 8.1 AI score | 0.00047 EPSS
Exploits: 0 | References: 14 | Affected Software: 1