8 matches found
CVE-2026-41166
Summary of CVE-2026-41166 : OpenRemote prior to v1.22.1 allows a user with the OpenRemote Keycloak realm role write:admin in one realm to call the Manager API and update realm roles for users in a different realm, including the master realm. The underlying issue is that the handler uses the {real...
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
...
SUSE CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
DEBIAN-CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
UBUNTU-CVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
PT-2023-21600 · Webpack +3 · Webpack +3
Name of the Vulnerable Software and Affected Versions: Webpack versions prior to 5.76.0 Description: The issue concerns cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to...
keycloak: cross-realm user access auth bypass
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...
keycloak: cross-realm user access auth bypass
A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...