33 matches found
EUVD-2018-13776
Malware in sbrugna...
EUVD-2022-34595
Malicious code in bioql PyPI...
EUVD-2023-0969
Malicious code in bioql PyPI...
CVE-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2022-2326
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an...
BIT-MATTERMOST-2023-1774
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
BIT-GRAFANA-2022-39306 Grafana contains Improper Input Validation
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
DataHub Security Breach
DataHub is an open source metadata platform for modern data stacks from datahub-project. A security vulnerability exists in versions of DataHub prior to 0.12.1 that stems from allowing an attacker to register an administrator account via an email invitation link...
Incorrect Authorization
GitLab is vulnerable to Incorrect Authorization. The vulnerability allows an attacker to gain access to a private project through an email invite by using another user's email address as an unverified secondary email...
Missing Authorization
Mattermost is vulnerable to Missing Authorization. The vulnerability is due to not checking the inviter's permission on the private channel on a team when inviting a user on that same private channel while processing an email invite. This allows an attacker to invite themselves to a private chann...
Mattermost fails to properly authenticate inviter's permissions to private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. Issue Identifier: MMSA-2023-00137...
GHSA-9HJ7-V56G-RHF6 Mattermost fails to properly authenticate inviter's permissions to private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. Issue Identifier: MMSA-2023-00137...
Code injection
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
CVE-2023-1774 Unauthorized email invite to a private channel
When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel...
Input validation
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
Grafana -- Privilege escalation
Grafana Labs reports: Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non existing users get an email invite, existing members are added directly to the organization. When an invite link is sent, it allows users to si...
CVE-2022-2326
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an...
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user's email address as an...