CVE-2024-7456
The CVE-2024-7456 issue affects lunary-ai/lunary v1.4.2, where the /api/v1/external-users route constructs an ORDER BY clause using sql.unsafe without server-side sanitization, enabling SQL injection. Impact per sources: potential complete data loss/modification/corruption. Public details across ...
PT-2024-38366 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version v1.4.2 Description: A SQL injection vulnerability exists in the "/api/v1/external-users" route. The order by clause of the SQL query uses sql.unsafe without prior sanitization, allowing for SQL injection. The...
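The two entries above describe the same bug: a sort parameter from the request reaching an ORDER BY through a driver escape hatch with no server-side validation. The block below is an added example, not Lunary's code, that reproduces that pattern beside an allow-list based builder. The table and column names, and the `sqlUnsafe` stand-in for a driver's unsafe fragment helper, are assumptions for illustration.

```javascript
// Added example, not Lunary's code. Reproduces the pattern behind CVE-2024-7456
// (a sort parameter concatenated into ORDER BY via a driver's "unsafe" escape hatch)
// next to an allow-list based builder. Table and column names are assumed.

// Stand-in for a driver escape hatch such as postgres.js's sql.unsafe: it hands the
// string to the database untouched, so any validation has to happen before this call.
function sqlUnsafe(fragment) {
  return fragment;
}

// Vulnerable pattern: whatever arrives in ?orderBy= lands verbatim in the statement.
// Binding $1 protects the project id but does nothing for the identifier position.
function externalUsersQueryVulnerable(projectId, orderBy) {
  const clause = sqlUnsafe(`ORDER BY ${orderBy}`);
  return {
    text: `SELECT id, external_id, created_at FROM external_user WHERE project_id = $1 ${clause}`,
    values: [projectId],
  };
}

// Hardened pattern: column and direction are chosen from fixed sets, so the only
// strings that can reach the query text are ones the server wrote itself.
const ORDERABLE_COLUMNS = new Set(['id', 'external_id', 'created_at', 'last_seen']);
const DIRECTIONS = new Set(['ASC', 'DESC']);

function buildOrderBy(orderBy, direction = 'asc') {
  if (!ORDERABLE_COLUMNS.has(orderBy)) {
    throw new Error(`unsupported sort column: ${orderBy}`);
  }
  const dir = String(direction).toUpperCase();
  if (!DIRECTIONS.has(dir)) {
    throw new Error(`unsupported sort direction: ${direction}`);
  }
  // Quoting the identifier is belt-and-braces; the allow-list is what does the work.
  return `ORDER BY "${orderBy}" ${dir}`;
}

function externalUsersQuery(projectId, orderBy, direction) {
  return {
    text: `SELECT id, external_id, created_at FROM external_user WHERE project_id = $1 ${buildOrderBy(orderBy, direction)}`,
    values: [projectId],
  };
}

// Constructed attacker input: a second statement appended after the sort column.
const INJECTED_SORT = 'created_at; DROP TABLE external_user; --';
```

Identifiers cannot be bound as query parameters, which is why an allow-list (rather than escaping) is the standard fix for user-controlled ORDER BY columns; rejecting unknown values instead of silently defaulting also makes probing visible in application logs.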
CVE-2024-7474
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. The application does not perform adequate checks on the 'id' parameter, allowing unauthorized access...
Lunary access control error vulnerability
Lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in Lunary, stemming from an insecure direct object reference (IDOR) flaw that an attacker can exploit by manipulating the id parameter in a request URL to view or delete an...
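The IDOR entries above all come down to one missing predicate: the record is looked up by the id in the URL alone, without tying it to the caller's tenant. The block below is an added example, not Lunary's code, that puts the unscoped lookup beside a scoped one. The in-memory records, the `projectId` session field and the table layout are constructed for illustration.

```javascript
// Added example, not Lunary's code. Shows the authorisation gap described for
// CVE-2024-7474 (an external user fetched or deleted by bare id) next to lookups that
// scope every access to the caller's project. Data and field names are constructed.
const EXTERNAL_USERS = [
  { id: 1, projectId: 'proj-a', externalId: 'alice' },
  { id: 2, projectId: 'proj-b', externalId: 'bob' },
];

// Vulnerable: the id from the URL is the only key, so any authenticated caller can
// read or delete any project's record by guessing or enumerating ids.
function getExternalUserVulnerable(id) {
  return EXTERNAL_USERS.find((u) => u.id === id) ?? null;
}

// Hardened: the tenant comes from the authenticated session (never from the request)
// and is part of the lookup, so a foreign id simply does not match.
function getExternalUser(session, id) {
  return EXTERNAL_USERS.find((u) => u.id === id && u.projectId === session.projectId) ?? null;
}

// Deletion uses the same scoped predicate. A miss on a foreign id is reported as
// "not found" rather than "forbidden", so the response does not confirm the id exists.
function deleteExternalUser(store, session, id) {
  const idx = store.findIndex((u) => u.id === id && u.projectId === session.projectId);
  if (idx === -1) return false;
  store.splice(idx, 1);
  return true;
}

// The same predicate expressed as a parameterised query for a real database.
function externalUserByIdQuery(session, id) {
  return {
    text: 'SELECT id, external_id FROM external_user WHERE id = $1 AND project_id = $2',
    values: [id, session.projectId],
  };
}
```

The important property is that the tenant value in the predicate is derived from the authenticated session, not echoed from the request; an `AND project_id = $2` whose value is also attacker-controlled would change nothing.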
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Impact Versions from 1.2.0 to 1.3.1 of Astro-Shield allow to bypass the allow-lists for cross-origin resources by introducing valid integrity attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believ...
GHSA-W387-5QQW-7G8M Content-Security-Policy header generation in middleware could be compromised by malicious injections
Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious inject...
Top 5 Marketing Tech SaaS Security Challenges
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and...
HTML5 external users are not able to launch applications via Netscaler Gateway, Workspace works.
Users connecting externally are not able to launch connections with the Light HTML5 browser access but are able to launch with the Workspace App. Error displayed: "Citrix Workspace app cannot connect to the server. Please check your network connection or contact your help desk for assistance."...
External Users Unable to Authenticate via Workspace App
External users are unable to authenticate via the Workspace app after upgrading the firmware to 13.0 build 33.52, but they can log in through the web browser. Error: when logging in through Workspace with valid credentials, the app loops back to the same login page and shows the error "Incorre...
Privilege Escalation
github.com/pydio/cells is vulnerable to Privilege Escalation. The creation of external users for file sharing is possible with Pydio Cells. It is possible to give a new user arbitrary roles with access to all cells and non-personal workspaces by altering the HTTP request that is submitted when...
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...
CVE-2023-32749
CVE-2023-32749 affects Pydio Cells. An attacker can modify the HTTP request when creating external users, permitting assignment of arbitrary roles to the new account. If all roles are granted, the attacker gains access to all cells and non-personal workspaces. Documented impact is privilege escal...
PT-2023-23997 · Pydio · Pydio Cells
Name of the Vulnerable Software and Affected Versions: Pydio Cells affected versions not specified Description: The issue allows users to assign arbitrary roles to newly created external users by modifying the HTTP request during the creation process. This can grant access to all cells and...
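The Pydio Cells entries above describe a mass-assignment flaw: the role list is taken from the request body when an external user is created, so a tampered request can grant roles the creator was never meant to hand out. The block below is an added example, not Pydio's code, that shows that handler shape next to two server-side alternatives. The role names, the `grantableRoles` session field and the request shape are assumptions for illustration.

```javascript
// Added example, not Pydio's code. Shows the mass-assignment pattern behind
// CVE-2023-32749 (roles copied from the request body when an external user is created)
// next to handlers that decide the roles server-side. Role names and the
// "grantable roles" rule are assumptions for illustration.
const EXTERNAL_USER_ROLE = 'EXTERNAL_USERS';

// Vulnerable: the handler binds the whole JSON body, so a tampered request can carry
// any roles, including administrative ones the creator does not hold.
function createExternalUserVulnerable(creator, body) {
  return {
    login: body.login,
    roles: body.roles ?? [EXTERNAL_USER_ROLE],
    createdBy: creator.login,
  };
}

// Hardened, strict form: the endpoint reads only the fields it owns and fixes the
// roles. This is the right shape when sharing never needs more than the default role.
function createExternalUser(creator, body) {
  return { login: body.login, roles: [EXTERNAL_USER_ROLE], createdBy: creator.login };
}

// Hardened, flexible form: if the UI legitimately lets the creator pick roles, every
// requested role must be one the creator may grant. Unknown or disallowed roles are
// rejected rather than silently dropped, so tampering shows up in logs.
function createExternalUserWithRoles(creator, body) {
  const requested = Array.isArray(body.roles) ? body.roles : [];
  const disallowed = requested.filter((r) => !creator.grantableRoles.includes(r));
  if (disallowed.length > 0) {
    throw new Error(`caller may not grant roles: ${disallowed.join(', ')}`);
  }
  const roles = Array.from(new Set([EXTERNAL_USER_ROLE, ...requested]));
  return { login: body.login, roles, createdBy: creator.login };
}

// Constructed tampered request: the normal sharing UI would never send a roles array.
const TAMPERED_BODY = { login: 'guest-42', roles: ['ADMINS', 'ROOT_GROUP'] };
```

Whichever form is used, the decision about which roles a new account gets must be made from the creator's own authorisation state on the server; a client-side form that simply omits the field is not a control, since the field can be added back in transit.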
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users...
PT-2023-18346 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.10 through 15.10.4 GitLab EE versions 15.11 through 15.11.0 Description: An issue has been discovered in GitLab EE that may allow users who are marked as external to become regular users under certain conditions when...