2 matches found
Improper Handling of Insufficient Permissions or Privileges
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...
PT-2026-23605
Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description Gokapi is a self-hosted file sharing server that includes automatic expiration and encryption support. A flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain...