3 matches found
CVE-2025-1007
creationtimestamp| type| source ---|---|--- 2025-02-19 09:15:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lijgts42qu2t 2025-02-19 12:02:57+00:00| seen| https://t.me/cvedetector/18413 2025-02-19 15:39:58+00:00| seen|...
CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...
CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details
In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...