8 matches found

RedhatCVE · added 2026/01/07 9:32 a.m. · 6 views

CVE-2019-16303

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness apache.commons.lang3 RandomStringUtils. This allows an attacker if able to obtain their own password reset URL to compute the value for all other...

CVSS 9.8 · AI score 7.3 · EPSS 0.03673
Exploits 1 · References 1
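The weakness in CVE-2019-16303 is the source of randomness, not the alphabet or length of the reset key: the no-argument RandomStringUtils helpers draw from a shared java.util.Random, a 48-bit linear congruential generator whose state can be recovered from observed output, so a user who sees their own reset key can predict the keys issued to everyone else. The following is an added example, not JHipster's generated code, showing the vulnerable call beside the SecureRandom-backed overload of the same commons-lang3 method; the class name and DEF_COUNT are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;
import org.apache.commons.lang3.RandomStringUtils;

// Added example, not JHipster's generated RandomUtil. Contrasts a reset key
// drawn from the default java.util.Random-backed helper with one drawn from a
// SecureRandom through the 7-argument RandomStringUtils.random overload.
// DEF_COUNT and the class name are assumptions, not values from the advisory.
public final class ResetKeyExample {
    private static final int DEF_COUNT = 20;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // Vulnerable pattern: randomAlphanumeric() uses a single shared
    // java.util.Random (48-bit LCG). Its state is recoverable from output,
    // so one observed key lets an attacker compute later keys.
    public static String insecureResetKey() {
        return RandomStringUtils.randomAlphanumeric(DEF_COUNT);
    }

    // Fixed pattern: identical alphabet (letters and digits), but every
    // character is chosen by a cryptographically secure generator.
    // Arguments: count, start, end, letters, numbers, chars, random.
    // start = end = 0 with chars = null selects the default character range.
    public static String secureResetKey() {
        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, SECURE_RANDOM);
    }

    // Illustrates why the default source is unsuitable: two java.util.Random
    // instances seeded identically yield identical "random" keys. A
    // SecureRandom has no seed an attacker can reconstruct from its output.
    public static boolean lcgIsReproducible(long seed) {
        String a = RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, new Random(seed));
        String b = RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, new Random(seed));
        return a.equals(b);
    }

    public static void main(String[] args) {
        System.out.println("insecure key: " + insecureResetKey());
        System.out.println("secure key:   " + secureResetKey());
        System.out.println("same seed, same key: " + lcgIsReproducible(42L));
    }
}
```

When auditing a generated application, grep for the no-argument RandomStringUtils helpers (randomAlphanumeric, randomNumeric, randomAscii) wherever a value acts as a credential (activation keys, reset keys, API tokens); only the overload that takes an explicit java.util.Random should appear there, and it must be handed a SecureRandom.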
EUVD · added 2025/10/07 12:30 a.m. · 30 views

EUVD-2020-0493

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.03673
Exploits 1 · References 19
EUVD · added 2025/10/03 8:07 p.m. · 29 views

EUVD-2025-22595

Malicious code in bioql PyPI...

CVSS 8 · AI score 6.4 · EPSS 0.00244
Exploits 0 · References 5
OSV · added 2025/07/25 3:30 p.m. · 6 views

GHSA-CMM8-GW4M-26CW Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...

CVSS 2.9 · AI score 6.3 · EPSS 0.00244
Exploits 0 · References 6
NVD · added 2025/07/25 1:15 p.m. · 5 views

CVE-2025-43712

JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By manipulating the authorities...

CVSS 8 · EPSS 0.00244
Exploits 0 · References 4
CVE · added 2025/07/25 12:00 a.m. · 47 views

CVE-2025-43712

Summary: CVE-2025-43712 affects JHipster before 8.9.0, where the unvalidated authorities parameter in the /api/account response can be manipulated to escalate privileges from ROLE_USER to ROLE_ADMIN, potentially exposing admin functionality. What’s affected: JHipster-generated apps prior to 8.9.0...

CVSS 8 · AI score 6.4 · EPSS 0.00244
Exploits 0 · References 4
Positive Technologies · added 2025/07/25 12:00 a.m. · 7 views

PT-2025-30814 · Jhipster · Jhipster

Name of the Vulnerable Software and Affected Versions: JHipster versions prior to 8.9.0 Description: JHipster versions prior to 8.9.0 are susceptible to privilege escalation through manipulation of the authorities parameter. After registering and logging in as a standard user, the authorities...

CVSS 8 · AI score 6.9 · EPSS 0.00244
Exploits 0 · References 13
RedhatCVE · added 2025/05/22 12:41 a.m. · 6 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 6.7 · EPSS 0.00593
Exploits 0 · References 1
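CVE-2015-20110 is the classic comparison-timing leak: a check built on String.equals returns as soon as one character differs, so the time it takes tells the attacker how many leading characters were right, and a token of n characters over an alphabet of k symbols falls in at most k·n guesses instead of k^n. The following is an added example, not generator-jhipster's own code: it places the early-exit comparison beside a constant-time replacement built on MessageDigest.isEqual, and simulates the character-at-a-time recovery using a step counter as a stand-in for the attacker's stopwatch. The class name, ALPHABET and the sample token are constructed for the illustration; it assumes Java 11 or later for String.repeat.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example, not generator-jhipster's validateToken. ALPHABET, the class
// name and the sample token in main() are constructed for illustration.
public final class TokenValidationExample {
    static final String ALPHABET = "0123456789abcdef";

    // Vulnerable pattern: String.equals returns at the first mismatch, so the
    // time taken grows with the number of leading characters that are correct.
    public static boolean validateTokenEarlyExit(String presented, String stored) {
        return presented.equals(stored);
    }

    // Fixed pattern: MessageDigest.isEqual (constant-time since JDK 6u17)
    // examines every byte when lengths match. Older JDKs still return early
    // on a length mismatch, so issue fixed-length tokens; then only the
    // length, which is public anyway, is observable.
    public static boolean validateTokenConstantTime(String presented, String stored) {
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    // Stand-in for the attacker's timing measurement: an early-exit compare
    // that reports how many characters it examined before returning.
    static int earlyExitSteps(String presented, String stored) {
        int n = Math.min(presented.length(), stored.length());
        int steps = 0;
        for (int i = 0; i < n; i++) {
            steps++;
            if (presented.charAt(i) != stored.charAt(i)) {
                return steps;
            }
        }
        return steps;
    }

    // Recovers a token of known length one position at a time: the candidate
    // that makes the comparison examine one more character is the right one.
    // The '#' padding sits outside ALPHABET so it never matches by accident.
    public static String recoverByTiming(String secret) {
        StringBuilder known = new StringBuilder();
        for (int pos = 0; pos < secret.length(); pos++) {
            char best = ALPHABET.charAt(0);
            int bestSteps = -1;
            for (char c : ALPHABET.toCharArray()) {
                String candidate = known.toString() + c
                        + "#".repeat(secret.length() - pos - 1);
                if (validateTokenEarlyExit(candidate, secret)) {
                    return candidate;             // final character found
                }
                int steps = earlyExitSteps(candidate, secret);
                if (steps > bestSteps) {
                    bestSteps = steps;
                    best = c;
                }
            }
            known.append(best);
        }
        return known.toString();
    }

    public static void main(String[] args) {
        String secret = "3f9a1c7e";   // constructed sample token
        String recovered = recoverByTiming(secret);
        long worstCase = ALPHABET.length() * (long) secret.length();
        long bruteForce = (long) Math.pow(ALPHABET.length(), secret.length());
        System.out.println("recovered " + recovered + " in at most " + worstCase
                + " guesses instead of " + bruteForce);
        System.out.println("constant-time check: " + validateTokenConstantTime(recovered, secret));
    }
}
```

Against validateTokenConstantTime the step count is the same for every candidate, so the per-position selection in recoverByTiming has nothing to key on and the attacker is back to k^n guesses. In a real service the signal is network round-trip time rather than a step counter, which is noisier but, with repeated measurements, still sufficient; the fix is the same.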