9 matches found
CVE-2026-43917
CVE-2026-43917 (Dokploy) describes an IDOR due to a missing organization scoping check in the protectedProcedure middleware prior to 0.19.0. The middleware only validates authentication, not that the resource’s organization matches the session’s activeOrganizationId, enabling cross-organization a...
EUVD-2026-33361
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
PT-2026-44929
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
CVE-2023-41264
Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...
CVE-2023-41264
Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...
Authentication flaw
Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...
CVE-2023-41264
Netwrix Usercube prior to 6.0.215 exposes an authentication bypass on misconfigured on‑prem deployments, enabling privilege escalation via the deployment endpoints POST /api/Deployment/ExportConfiguration and POST /api/Deployment when restSettings.AuthorizedClientId and restSettings.AuthorizedSec...
CVE-2023-41264
Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...
PT-2023-27877 · Netwrix · Netwrix Usercube
Name of the Vulnerable Software and Affected Versions: Netwrix Usercube versions prior to 6.0.215 Description: The issue allows authentication bypass on deployment endpoints, leading to privilege escalation in certain misconfigured on-premises installations. This occurs when the configuration omi...