11 matches found
EUVD-2021-2316
Malware in sbrugna...
CVE-2021-41238
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
Authorization Bypass
hangfire is vulnerable to authorization bypass. Remote attackers are able to gain access to hangfire dashboard from outside of the server because no authorization filters are being used by default...
GHSA-7RQ6-7GV8-C37H Missing Authorization with Default Settings in Dashboard UI
Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...
Improper Access Control
Overview Hangfire.Core is an incredibly easy way to perform fire-and-forget, delayed and recurring jobs in .NET applications. Affected versions of this package are vulnerable to Improper Access Control via the LocalRequestsOnlyAuthorizationFilter which is not being used by default, allowing remot...
CVE-2021-41238
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
CVE-2021-41238
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
Authorization
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
CVE-2021-41238 Missing Authorization with Default Settings in Dashboard UI
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
CVE-2021-41238
Hangfire.Core Dashboard UI in Hangfire (for .NET/.NET Core) was vulnerable when the default DashboardOptions.Authorization allowed remote requests due to missing authorization filters in version 1.7.25. The root cause was that LocalRequestsOnlyAuthorizationFilter was not applied by default, permi...
Hangfire 安全漏洞
Hangfire is the easiest way to execute hit-and-miss, delayed and repetitive jobs in ASP.NET applications. Supports CPU and I/O intensive, long-running and short-running jobs. No Windows service/task planner required. Powered by Redis, SQL Server, SQL Azure and MSMQ. A security vulnerability exist...