3 matches found
GHSA-CHF8-4HV6-8PG6 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Summary: The Fission storagesvc component registers archive CRUD handlers (/v1/archive GET / POST / DELETE and /v1/archives list) directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...
PT-2023-31629 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.11.4.1. Description: The issue concerns a path injection vulnerability in the put method of mindsdb/mindsdb/api/http/namespaces/file.py. This vulnerability allows arbitrary file contents to be written due to the la...
UBUNTU-CVE-2012-2352
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions...