2 matches found
Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification
Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...
CVE-2017-2612
CVE-2017-2612 affects Jenkins platforms prior to 2.44 and prior to 2.32.2. The issue allows low-privilege users to override JDK download credentials, which can lead to builds failing to download a JDK in the future. Root cause is improper permission/credential handling for JDK download. The descr...