
30 matches found

Nuclei
added yesterday, 46 views

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

Atlassian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...

5.3 CVSS, 6.4 AI score, 0.12719 EPSS
Exploits 0, References 2

CVE
added 2026/06/24 1:20 p.m., 10 views

CVE-2026-57293

CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...

4.3 CVSS, 5.9 AI score, 0.0017 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-11433

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.01304 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2017-6402

Malware in sbrugna...

8 CVSS, 8 AI score, 0.00511 EPSS
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-2733

Malicious code in bioql PyPI...

7.2 CVSS, 7 AI score, 0.01074 EPSS
Exploits 0, References 5

Atlassian
added 2025/07/14 7:20 a.m., 18 views

Analytics Direct‑URL Bypass Ignores Global Analytics Permissions in Confluence Data Center

This ticket requests an LTS 9.2 fix for the issue at https://asecurityteam.atlassian.net/browse/VULN-1552959. This ticket doesn't have a due date because backport security fixes are only required for Critical-severity issues. Details: Security Bug Fix...

7.2 AI score
Exploits 0

Atlassian
added 2024/11/25 6:11 a.m., 18 views

Individual users with System Administrator access under Global Permissions are able to view the names of restricted spaces that they are not permitted to access.

Issue Summary: Individual users with System Administrator who can also have both Confluence Administrator and System Administrator access under Global Permissions can view the names of restricted spaces that they are not permitted to access. This is reproducible on Data Center: yes. Steps t...

6.6 AI score
Exploits 0, Affected Software 1

OSV
added 2023/10/16 9:15 a.m., 3 views

CVE-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2 CVSS, 5.8 AI score, 0.01074 EPSS
Exploits 0, References 2

Atlassian
added 2023/09/25 5:35 p.m., 23 views

User with system administrator privilege can search restricted pages.

Issue Summary: Starting Confluence 8.5.1 when a user is granted System administrator permission at Global permissions. The user can search for Restricted content and the restricted page gets displayed in search, when tried to access it says "Page can't be found". This behaviour is not...

6.7 AI score
Exploits 0, Affected Software 1

CNNVD
added 2022/06/15 12:0 a.m., 4 views

Octopoller Security Vulnerability

Octopoller is an Octokit open source micro gem for polling and retrying. A security vulnerability exists in Octopoller version 0.2.0, which stems from a problem with the permissions settings of files contained in the gem, and can be used to modify globally writable files in the gem...

3.3 CVSS, 4.9 AI score, 0.00214 EPSS
Exploits 0, References 3

Atlassian
added 2020/11/03 12:25 p.m., 18 views

Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page

Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page. Steps to Reproduce: Create a New group named "newtestgroup". Add a user to the Group. Add the Group Access for "newtestgroup" under t...

0.3 AI score
Exploits 0, Affected Software 1

Atlassian
added 2020/11/03 12:25 p.m., 21 views

Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page

Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page. Steps to Reproduce: Create a New group named "newtestgroup". Add a user to the Group. Add the Group Access for "newtestgroup" under t...

0.3 AI score
Exploits 0

OSV
added 2020/07/13 1:15 a.m., 6 views

CVE-2019-20898

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0...

7.5 CVSS, 7.2 AI score, 0.01304 EPSS
Exploits 0, References 1

Prion
added 2020/07/13 1:15 a.m., 25 views

Design/Logic Flaw

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0...

5 CVSS, 7.3 AI score, 0.01304 EPSS
Exploits 0, References 1, Affected Software 2

Atlassian
added 2020/04/22 1:47 a.m., 30 views

Information disclosure in System Administration - Global Permissions - CVE-2019-20898

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...

7.5 CVSS, 4.8 AI score, 0.01304 EPSS
Exploits 0

OSV
added 2017/09/30 1:29 a.m., 12 views

CVE-2017-14925

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to...

8 CVSS, 6.8 AI score
Exploits 0, References 3

Prion
added 2017/09/30 1:29 a.m., 15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to...

6 CVSS, 7.8 AI score, 0.00511 EPSS
Exploits 0, References 3, Affected Software 1

CNVD
added 2017/09/30 12:0 a.m., 3 views

Tiki Cross-Site Request Forgery Vulnerability

Tiki is a free, open source web application with rich built-in functionality. A cross-site request forgery vulnerability exists in the IMG element of Tiki, which can be exploited by authenticated users to edit global permissions if an administrator opens a Wiki page with the IMG element...

8 CVSS, 7.7 AI score, 0.00511 EPSS
Exploits 0, References 1

CVE
added 2017/09/29 7:0 a.m., 46 views

CVE-2017-14925

CVE-2017-14925 affects Tiki Wiki before certain versions (16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, 15 LTS before 15.5 LTS). The vulnerability is a Cross-Site Request Forgery (CSRF) via an IMG element, related to tiki-objectpermissions.php, enabling an authenticated user to edit global per...

8 CVSS, 7.7 AI score, 0.00511 EPSS
Exploits 0, References 3, Affected Software 1

CNVD
added 2016/01/28 12:0 a.m., 4 views

Fuse Write Privilege Vulnerability

Fuse is a set of Unix-like system mechanisms that allow unprivileged users to create filesystems without editing kernel code. Fuse uses insecure global writable permissions to create the '/dev/cuse' character device, allowing a local attacker to exploit the vulnerability to create arbitrary...

7.8 CVSS, 6.7 AI score, 0.00369 EPSS
Exploits 0, References 1