9 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2540

Malicious code in bioql PyPI...

CVSS: 6.8 | AI score: 4.8 | EPSS: 0.00534
Exploits: 1 | References: 4

Veracode
added 2025/02/24 4:53 a.m. | 10 views

Improper Access Control

Directus is vulnerable to Improper Access Control. The vulnerability is due to improper evaluation of field-level access permissions when multiple overlapping update policies apply, allowing users to update a superset of fields rather than only those permitted for a specific item...

CVSS: 5.4 | AI score: 7 | EPSS: 0.0022
Exploits: 0 | References: 4 | Affected Software: 2

Vulnrichment
added 2023/09/15 6:57 p.m. | 13 views

CVE-2023-37263 Strapi's field level permissions not being respected in relationship title

Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00534
Exploits: 1 | References: 2

CVE
added 2023/09/15 6:57 p.m. | 104 views

CVE-2023-37263

CVE-2023-37263 affects Strapi (open-source headless CMS). The issue: field-level permissions are not respected in the relationship title, causing a field the user should not see to be visible when a relation includes that field. Impact is described as information disclosure under older releases. ...

CVSS: 6.8 | AI score: 5 | EPSS: 0.00534
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2023/09/15 7:36 a.m. | 12 views

Improper Authorization

@strapi/plugin-content-manager is vulnerable to Improper Authorization. The vulnerability is due to Field level permissions not being respected in the relationship title, as there are no RBAC permission checks to read the field in relations.js...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00534
Exploits: 1 | References: 4 | Affected Software: 1

Atlassian
added 2014/06/09 12:56 p.m. | 32 views

statTypes REST API exposes all statistics field names anonymously

On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...

AI score: 1.4
Exploits: 0 | Affected Software: 1

Fedora
added 2012/02/21 1:26 a.m. | 16 views

[SECURITY] Fedora 15 Update: drupal7-field_permissions-1.0-0.2.beta2.fc15

The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. It allows site administrators to set field-level permissions to edit or view CCK fields in any node, and optionally new feature compared to Content Permissions module, edit field during node...

AI score: 3
Exploits: 0

OpenVAS
added 2012/02/21 12:0 a.m. | 12 views

Fedora Update for drupal7-field_permissions FEDORA-2012-1390

Check for the Version of drupal7-fieldpermissions OpenVAS Vulnerability Test Fedora Update for drupal7-fieldpermissions FEDORA-2012-1390 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

AI score: 7.4
Exploits: 0 | References: 2

Atlassian
added 2007/07/17 5:54 p.m. | 15 views

Permissions at field level

I would like to be able to limit what users (roles) are able to modify individual fields. For example, I only want to allow particular people (project managers) to be able to select a fix version in an issue. However, it seems that any user who can edit an issue, including the reporter, can set the...

AI score: 2.6
Exploits: 0 | Affected Software: 1