30 matches found
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
Atlassian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...
CVE-2026-57293
CVE-2026-57293 affects the Jenkins Gitee Plugin (1288.v18b_deb_c9069b_ and earlier). The vulnerability is an incorrect permission check that lets an attacker with global Item/Configure permission, but without Item/Configure permission on any specific job, enumerate credentials IDs stored in Jenki...
EUVD-2019-11433
Malware in sbrugna...
EUVD-2017-6402
Malware in sbrugna...
EUVD-2023-2733
Malicious code in bioql PyPI...
Analytics Direct-URL Bypass Ignores Global Analytics Permissions in Confluence Data Center
This ticket requests an LTS 9.2 fix for the issue at https://asecurityteam.atlassian.net/browse/VULN-1552959. This ticket doesn't have a due date because backport security fixes are only required for Critical-severity issues. Details: Security Bug Fix...
Individual users with System Administrator access under Global Permissions are able to view the names of restricted spaces that they are not permitted to access.
h3. Issue Summary
Individual users with System Administrator access, who may also hold both Confluence Administrator and System Administrator access under Global Permissions, can view the names of restricted spaces that they are not permitted to access. This is reproducible on Data Center: yes
h3. Steps t...
CVE-2023-4822
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...
User with system administrator privilege can search restricted pages.
h3. Issue Summary
Starting with Confluence 8.5.1, when a user is granted the System Administrator permission under Global Permissions, that user can search for restricted content: the restricted page is displayed in search results, and when accessed it says "Page can't be found". This behaviour is not...
Octopoller Security Vulnerability
Octopoller is an Octokit open source micro gem for polling and retrying. A security vulnerability exists in Octopoller version 0.2.0, which stems from insecure permission settings on files contained in the gem; it can be used to modify globally writable files in the gem...
Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page
h3. Issue Summary
Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page
h3. Steps to Reproduce
Create a New group named "newtestgroup" Add a user to the Group Add the Group Access for "newtestgroup" under t...
CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0...
Design/Logic Flaw
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0...
Information disclosure in System Administration - Global Permissions - CVE-2019-20898
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. Affected versions: version = 8.5.12: Enable feature...
CVE-2017-14925
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to...
Tiki Cross-Site Request Forgery Vulnerability
Tiki is a free, open-source web application with rich built-in functionality. A cross-site request forgery vulnerability exists in the IMG element of Tiki, which can be exploited by authenticated users to edit global permissions if an administrator opens a Wiki page with the IMG element...
CVE-2017-14925
CVE-2017-14925 affects Tiki Wiki before certain versions (16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, 15 LTS before 15.5 LTS). The vulnerability is a Cross-Site Request Forgery (CSRF) via an IMG element, related to tiki-objectpermissions.php, enabling an authenticated user to edit global per...
Fuse Write Privilege Vulnerability
FUSE (Filesystem in Userspace) is a mechanism on Unix-like systems that lets unprivileged users create filesystems without editing kernel code. FUSE creates the '/dev/cuse' character device with insecure world-writable permissions, allowing a local attacker to exploit the vulnerability to create arbitrary...