Lucene search
K

32 matches found

Github Security Blog
Github Security Blog
added 2026/03/12 2:20 p.m.11 views

OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream

Summary OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control...

7.1CVSS6AI score0.00431EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/11 8:5 p.m.13 views

CVE-2026-32102

OliveTin's 3000.10.2 and earlier versions expose action output via the live EventStream to authenticated dashboard subscribers without per-action authorization, enabling a low-privileged user to view restricted outputs. Affected component: EventStream/broadcast of execution events and action outp...

7.1CVSS5.9AI score0.00431EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/11 8:5 p.m.4 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

7.1CVSS6AI score0.00431EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/11 8:5 p.m.27 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

7.1CVSS0.00431EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.4 views

Malicious code in eventstream-serde-config-resolver (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.3 views

MAL-2024-9605 Malicious code in eventstream-serde-universal (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.3 views

Malicious code in eventstream-serde-universal (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.5 views

MAL-2024-9604 Malicious code in eventstream-serde-config-resolver (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.3 views

Malicious code in eventstream-serde-browser (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.4 views

MAL-2024-9603 Malicious code in eventstream-serde-browser (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 12:51 p.m.5 views

Malicious code in eventstream-codec (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/10/16 12:51 p.m.6 views

MAL-2024-9602 Malicious code in eventstream-codec (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Rows per page
Query Builder