Lucene search
K

7 matches found

NVD
NVD
added 2026/06/20 4:17 p.m.15 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.8 views

EUVD-2026-38122

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.7 views

CVE-2026-56295

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 3:24 p.m.17 views

CVE-2026-56295

Capgo is affected pre-12.128.2 by an authorization bypass in webhook management endpoints. The issue allows legacy non-expiring API keys to bypass the require_apikey_expiration policy because checkWebhookPermission does not call apikeyHasOrgRightWithPolicy, enabling those keys to list, create, an...

6.3CVSS5.9AI score0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56295 Capgo - Policy Enforcement Bypass in Webhook Management Endpoints via Non-Expiring API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability in webhook management endpoints that allows non-expiring API keys to bypass the requireapikeyexpiration organization policy. The checkWebhookPermission function fails to call apikeyHasOrgRightWithPolicy, enabling attackers with...

6.3CVSS0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.17 views

CVE-2019-14955

In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented...

5.3CVSS7AI score0.00915EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/12/17 10:36 a.m.30 views

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limite...

7.2AI score
Exploits0
Rows per page
Query Builder