2 matches found
GHSA-CRMG-9M86-636R lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints
Summary The GET /1.0/certificates endpoint non-recursive mode returns URLs containing fingerprints for all certificates in the trust store, bypassing the per-object canview authorization check that is correctly applied in the recursive path. Any authenticated identity — including restricted,...
Linux Distros Unpatched Vulnerability : CVE-2022-2095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all...