
9 matches found

NVD
added 4 days ago · 6 views

CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

CVSS 8.8 · EPSS 0.00303
Exploits 0 · References 2
Cvelist
added 4 days ago · 22 views

CVE-2026-56247 Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

CVSS 8.8 · EPSS 0.00303
Exploits 0 · References 2
CVE
added 4 days ago · 11 views

CVE-2026-56247

Capgo prior to version 12.128.2 contains a privilege-escalation flaw where org admins can assign org-scoped RBAC roles at the app scope without validating role-scope compatibility, including assignments to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive in...

CVSS 8.8 · AI score 5.8 · EPSS 0.00303
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 7:29 a.m. · 8 views

CVE-2024-24817

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

CVSS 5.3 · AI score 6.6 · EPSS 0.00419
Exploits 0 · References 1
NVD
added 2024/02/22 6:15 p.m. · 14 views

CVE-2024-24817

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

CVSS 5.3 · AI score 4.5 · EPSS 0.00419
Exploits 0 · References 2
Vulnrichment
added 2024/02/22 5:45 p.m. · 15 views

CVE-2024-24817 User can see invitees in events created in PMs and private categories

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

CVSS 4.3 · AI score 6.6 · EPSS 0.00419
Exploits 0 · References 2
CVE
added 2024/02/22 5:45 p.m. · 103 views

CVE-2024-24817

CVE-2024-24817 concerns the Discourse Calendar plugin. Prior to version 0.4, event invitees created in topics in private categories or private messages could be retrieved by anyone, even when not logged in. The issue is resolved in version 0.4 of the discourse-calendar plugin. Some partial mitiga...

CVSS 5.3 · AI score 4.4 · EPSS 0.00419
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/02/22 5:45 p.m. · 22 views

CVE-2024-24817 User can see invitees in events created in PMs and private categories

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logg...

CVSS 4.3 · AI score 4.8 · EPSS 0.00419
Exploits 0 · References 2
Positive Technologies
added 2024/02/22 12:0 a.m. · 7 views

PT-2024-20583 · Discourse · Discourse Calendar

Name of the Vulnerable Software and Affected Versions: Discourse Calendar versions prior to 0.4

Description: The issue allows event invitees created in private categories or private messages to be retrieved by anyone, even if they are not logged in. This is a problem with the Discourse Calendar...

CVSS 5.3 · AI score 7 · EPSS 0.00419
Exploits 0 · References 7