systemcaresitsolutions.com Cross Site Scripting vulnerability OBB-3959854

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

library.dphen1.com Improper Access Control vulnerability OBB-3959812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

smartdefine.org Improper Access Control vulnerability OBB-3959805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6800

An XML signature wrapping vulnerability was present in GitHub Enterprise Server GHES when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise...

CVE-2024-6800

CVE-2024-6800 is an XML signature wrapping vulnerability in GitHub Enterprise Server (GHES) affecting SAML authentication with certain IdPs that expose signed federation metadata XML. An attacker with direct network access could forge a SAML response to provision and/or gain access to a user with...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...

CVE-2024-7711

CVE-2024-7711 is an Incorrect Authorization vulnerability in GitHub Enterprise Server that allowed an attacker to update the title, assignees, and labels of any issue inside a public repository, and was exploitable only within public repos. Affected products: GitHub Enterprise Server versions bef...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-21689

This High severity RCE Remote Code Execution vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVE-2024-21689

This High severity RCE Remote Code Execution vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVE-2024-21689

This High severity RCE Remote Code Execution vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute...

CVE-2024-21689

CVE-2024-21689 is a high-severity RCE in Atlassian Bamboo Data Center/Server, introduced in versions 9.1.0–9.6.0. An authenticated attacker can execute arbitrary code with high confidentiality, integrity, and availability impact, requiring user interaction. Public details indicate fixed upgrades:...

schoolprograms.skirball.org Cross Site Scripting vulnerability OBB-3959166

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kitchen-cardell.com Cross Site Scripting vulnerability OBB-3958541

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mikseri.net Cross Site Scripting vulnerability OBB-3958532

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GitLab: Removed Guest role user who dosent have access to private project in members able to view jobs

Vulnerability description not provided...

soundtrackcollector.com Cross Site Scripting vulnerability OBB-3958020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...