9 matches found
Bugsink: Project scoping missing in sourcemap and debug-file lookup
Summary Bugsink before 2.2.0 resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for...
CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...
CVE-2026-47728
Bugsink (self-hosted error tracking) prior to 2.2.0 stores and looks up sourcemaps and debug files by debug ID without scoping to the owning project. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for ano...
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...
SUSE CVE-2014-8121
DBLOOKUP in nssfiles/files-XXX.c in the Name Service Switch NSS in GNU C Library aka glibc or libc6 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service infinite loop by performing a look-up on a database while iterating over it,...
Insecure File Lookup
Linux kernel is vulnerable to insecure file lookup . The vulnerability exists because it performs a regular lookup which allows an attacker to access potentially sensitive files, which results in Sensitive Information Disclosure...
PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to protected information.
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protecte...
Jirafeau Cross-Site Request Forgery Vulnerability
Jirafeau is a file sharing website system. A cross-site request forgery vulnerability exists in the administration panel in Jirafeau versions prior to 3.4.1. A remote attacker can exploit this vulnerability to force an administrator to perform a file lookup operation and perform a cross-site...