Lucene search
+L

7 matches found

redhatcve
redhatcve
added 2025/10/20 9:27 p.m.15 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS7AI score0.00805EPSS
Exploits0References1
osv
osv
added 2025/10/17 1:52 p.m.7 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS5.9AI score0.00805EPSS
Exploits0References9
euvd
euvd
added 2025/10/13 1:33 p.m.6 views

EUVD-2025-33747

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies...

8.6CVSS6.4AI score0.00464EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/10/10 3:57 p.m.4 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS6.6AI score0.00464EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/09/09 4:29 p.m.7 views

CVE-2025-48042

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

7.1CVSS7AI score0.00293EPSS
Exploits0References1
osv
osv
added 2025/09/07 4:1 p.m.6 views

CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

7.1CVSS5.9AI score0.00293EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2025/09/07 12:0 a.m.7 views

PT-2025-36416

Name of the Vulnerable Software and Affected Versions: ash versions prior to 3.5.39 Description: An incorrect authorization vulnerability exists in ash, allowing exploitation of incorrectly configured access control security levels. This issue is associated with program files...

7.1CVSS6.4AI score0.00293EPSS
Exploits0References10
Rows per page
Query Builder