4 matches found

RedhatCVE
added 2025/11/21 3:43 p.m., 3 views

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00034
Exploits: 0, References: 1
CVE
added 2025/11/20 3:43 p.m., 7 views

CVE-2025-62293

SOPlanning is affected by Broken Access Control in the /status endpoint due to missing permission checks in Project Status functionality. An authenticated attacker can add, edit, or delete statuses. A fix is available in version 1.55. The CVE-entry is supported by Red Hat and EU vulnerability ref...

CVSS: 5.4, AI score: 6, EPSS: 0.00034
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/11/20 3:43 p.m., 6 views

CVE-2025-62293 Broken Access Control in SOPlanning

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and delete any status. This issue was fixed in version 1.55...

CVSS: 5.3, EPSS: 0.00034
Exploits: 0, References: 2
OSV
added 2025/02/25 4:15 p.m., 0 views

UBUNTU-CVE-2025-21626

GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00231
Exploits: 0, References: 4