2 matches found
GHSA-3V2X-9XCV-2V2V SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions
Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...
pulpcore: RBAC permissions incorrectly assigned in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...