Lucene search

6 matches found

Vulnrichment
added 2026/06/25 4:16 p.m., 7 views

CVE-2026-9099 Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker wi...

CVSS 7.7 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 6
CVE
added 2026/06/25 4:16 p.m., 20 views

CVE-2026-9099

Keycloak contains a flaw in GroupResource.addChild() in the Admin REST API where missing authorization allows an authenticated user with limited admin privileges to reparent any group. Under FGAPv2, a manager of a low-privilege group can reparent a highly privileged group (e.g., realm-admin) unde...

CVSS 7.7 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 7 | Affected Software: 1
AstraLinux
added 2025/02/11 7:35 a.m., 4 views

Astra Linux – Vulnerability in Zabbix

An authenticated user with API access (e.g., a user with the default User role) can be added to any group (e.g., Zabbix Administrators). Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

CVSS 8.8 | AI score 7.2 | EPSS 0.0073
Exploits: 1 | References: 3
Huntr
added 2023/10/10 7:49 p.m., 18 views

privilege escalation bug to edit survey

BUG: normal user can edit any survey
AFFECTED VERSION: 6.2.10
SUMMARY: normal user has view permission in survey. But still that user can edit the survey by adding that survey to his own group.
STEPS TO REPRODUCE: 1. There is already a superadminuser-...

AI score 7.1
Exploits: 0
OSV
added 2022/09/07 2:10 p.m., 35 views

CVE-2022-31166 XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor...

CVSS 8.1 | AI score 8 | EPSS 0.01115
Exploits: 1 | References: 6
Veracode
added 2020/08/07 2:30 a.m., 27 views

Privilege Escalation

cfme-gemset is vulnerable to privilege escalation. The vulnerability exists as it is missing access control, leading to escalation of admin group privileges...

CVSS 8.3 | AI score 3.8 | EPSS 0.01
Exploits: 0 | References: 5 | Affected Software: 5