8 matches found
CVE-2025-6927 Autoblocks from global account suppressions are publicly visible
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from = 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...
CVE-2025-6927
CVE-2025-6927 affects Wikimedia Foundation MediaWiki components BlockListPager.Php and ApiQueryBlocks.Php, enabling information exposure via autoblocks/global suppressions. Affected versions include MediaWiki core releases 1.42.x prior to 1.39.13, 1.42.7–1.43.2, and 1.44.0; remediation is to upgr...
Sensitive Information Disclosure
Opencast is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of hashed credentials due to incorrect handling of global system account credentials when fetching mediapackage elements, allowing attackers with ingest permissions to exfiltrate them to an external U...
CVE-2025-54380 Opencast still publishes global system account credentials
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass...
Opencast 安全漏洞
Opencast is a live video support software for large-scale automated video capture, management and distribution from the Opencast organization. A security vulnerability exists in Opencast versions prior to 17.6 that stems from incorrectly sending hashed global system account credentials, which cou...
Authentication Bypass
github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability is due to configureAccounts function in server.go which allows the creation of a no-authenticated user for the global account. This potentially leads an attacker to unauthorized access to the global account...
Fedora 38 : nats-server (2023-c33188f575)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c33188f575 advisory. Without any authorization rules in the nats-server, users can connect without authentication. Before nats-server 2.2.0, all authentication and authorization...
PT-2023-30299 · Nats +1 · Nats Nats-Server +1
Name of the Vulnerable Software and Affected Versions: NATS nats-server versions 2.2.0 through 2.9.22 NATS nats-server versions 2.10.0 through 2.10.1 Description: The issue is related to an authentication bypass in NATS nats-server. An implicit $G user in an authorization block can sometimes be...