8 matches found
PT-2026-52910
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description An authorization context confusion and Insecure Direct Object Reference IDOR exist within the Calendar and Team Planner modules. A user with management...
Effect Monorepo 竞争条件问题漏洞
Effect Monorepo is a functional framework developed by Effect Open Source for building TypeScript applications. Versions of Effect Monorepo prior to 3.20.0 contained a race condition vulnerability, which was caused by context confusion in RpcServer.toWebHandler, potentially allowing access to the...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
OliveTin 安全漏洞
OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...
GHSA-P443-P7W5-2F7F OliveTin's RestartAction always runs actions as guest
Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
A context confusion vulnerability was identified in Keystone authtoken middleware shipped in python-keystoneclient before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete...
GHSA-GWVQ-RGQF-993F python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
A context confusion vulnerability was identified in Keystone authtoken middleware shipped in python-keystoneclient before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete...