6 matches found
CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account...
CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability to access the cluster with previous privileges of a disabled user account...
CVE-2025-26330
Dell PowerScale OneFS, versions 9.4.0.0–9.10.0.1, contains an authorization logic error where an unauthenticated, locally-present attacker could access cluster resources with the historical privileges of a disabled account. Root cause described as incorrect authorization/disabled-state verificati...
CVE-2022-44023
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts...
CVE-2021-26921
CVE-2021-26921 affects Argo CD before 1.8.4, from the util/session/sessionmanager.go code. The root issue allows tokens to remain valid after the associated user account is disabled, enabling continued token authentication despite deactivation. The impact is described across multiple sources (e.g...
CVE-2012-3426
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by 1 creating new tokens through token chaining, 2 leveraging...