16 matches found
AWS VDP: QuickSight Authorization Bypass: Chat Agents Accessible Despite Custom Permissions Denial
A vulnerability was discovered in Amazon Quick Suite formerly QuickSight that allowed users to access and interact with AI chat agents, despite administrative restrictions being in place to disable this functionality. The vulnerability was caused by the lack of proper server-side authorization...
DRUPAL-CONTRIB-2026-011
This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...
PT-2026-22082
Name of the Vulnerable Software and Affected Versions Drupal Material Icons versions prior to 2.0.4 Description The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in ma...
EUVD-2024-54067
Malicious code in bioql PyPI...
CVE-2024-7296 Incorrect Authorization in GitLab
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...
ASB-A-153879813
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
DRUPAL-CONTRIB-2019-055
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page. This vulnerability is mitigated by the fact that an attacker must know the route of the Custom Permissions...
Custom Permissions - Critical - Access bypass - SA-CONTRIB-2019-055
This module enables you to add and manage additional custom permissions through the administration UI. The module doesn't sufficiently check for the proper access permissions to this page. This vulnerability is mitigated by the fact that an attacker must know the route of the Custom Permissions...
Custom Permissions - Moderately critical - Access bypass - SA-CONTRIB-2018-010
This module enables the user to set custom permissions per path. The module doesn't perform sufficient checks on paths with dynamic arguments like "node/1" or "user/2", thereby allowing the site administrator to save custom permissions for paths that won't be protected. This could lead to an acce...
Backup and Migrate - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-004
This module enables you to create manual and scheduled backups of a site, and restore the site from backup. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. Sites using this module should review the permissions page...
Custom Permissions - Moderately critical - Access bypass - SA-CONTRIB-2017-083
Custom Permissions is a lightweight module that allows permissions to be created and managed through an administrative form. When this module is in use, any user who is able to perform an action which rebuilds some of Drupal's caches can trigger a scenario in which certain pages protected by this...
CVE-2017-0593
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications...
CVE-2017-0593
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications...
CVE-2017-0593
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications...
UBUNTU-CVE-2017-0593
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications...
Cisco WebEx Meetings for Android Custom Permissions Vulnerability
A vulnerability in the custom application permissions handling for Cisco WebEx Meetings for Android could allow an unauthenticated, remote attacker to change platform-specific permissions of a custom application. The vulnerability is due to the way custom application permissions are assigned at...