16 matches found
EUVD-2007-1645
Malware in sbrugna...
Improper Authorization
DIRAC is vulnerable to Improper Authorization. The vulnerability is caused due to the TokenManager not checking permissions on cached tokens. This allows an attacker to use improperly cached tokens to gain access to resources, data, or functionalities within the DIRAC system for which they do not...
CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
DIRAC's TokenManager does not check permissions on cached tokens
Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...
GHSA-59QJ-JCJV-662J DIRAC's TokenManager does not check permissions on cached tokens
Impact Any user could get a token that has been requested by another user/agent Patches The vulnerability is fixed in version 8.0.37. Workarounds None References...
CVE-2023-4910
A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache...
CVE-2023-45814
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...
PT-2023-5466 · Red Hat · 3Scale Admin Portal
Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal affected versions not specified Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitra...
PT-2019-2951 · Red Hat +1 · Spacewalk-Proxy +1
Name of the Vulnerable Software and Affected Versions: spacewalk-proxy versions through 2.9 Description: A path traversal flaw was found in the way the proxy processes cached client tokens. This issue could allow a remote, unauthenticated attacker to test the existence of arbitrary files or execu...
Microsoft Windows 10: Consumer Microsoft account user authentication
When enabled, this policy will prevent all applications and services on the device from new consumer Microsoft account authentication via the Windows OnlineID and WebAccountManager APIs. This policy may not affect applications which have already authenticated until the authentication cache expire...
Design/Logic Flaw
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens...
CVE-2007-1652
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens...
CVE-2007-1652
OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add it site to the trusted sites list via a crafted web page, related to cached tokens...