Directory traversal

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

CVE-2022-25377

Summary : Multiple sources (Red Hat, Veracode, OSV, GHSA, NVD mirrors) confirm a directory-traversal flaw in Appwrite’s ACME-challenge endpoint. Affected versions : Appwrite 0.5.0 through 0.12.x before 0.12.2. The vulnerability requires the path APP_STORAGE_CERTIFICATES/.well-known/acme-challenge...

CVE-2022-45174

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backupcode endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by...

CVE-2022-45173

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the...

多款产品授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from the ability to bypass two-factor authentication at /api/v1/vdeskintegration/challenge...

LIVEBOX Collaboration vDesk 授权问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions that stems from the ability to bypass two-factor authentication for SAML users under /login/backupcode and...