Improper Access Control

Kinto Attachment is vulnerable to Improper Access Control. The vulnerability is due to improper access control where the attachment file of an existing record can be replaced if the user has "read" permission on one of the parent...

Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

GHSA-HVP4-VRV2-8WRQ Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

PT-2024-17934 · Unknown · Kinto-Attachment

Name of the Vulnerable Software and Affected Versions: kinto-attachment versions prior to 6.4.0 Description: The issue allows an attachment file of an existing record to be replaced if a user has read permission on one of the parent collections or buckets. Furthermore, if the read permission is...

chellow (>=2050.0.0 <=2243.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2020-5236 via waitress (>=0.8.10 <=1.4.2)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2020-5236 Source advisory: OSV:PYSEC-2020-155...

chellow (>=2234.0.0 <=2243.0.0), kinto-dist (=18.0.2) potentially affected by CVE-2020-5236 via waitress (=1.4.2)

waitress PYPI version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on waitress and may be impacted: - chellow =2234.0.0, =2243.0.0 - kinto-dist =18.0.2 Source cves: CVE-2020-5236 Source advisory: OSV:GHSA-73M2-3PWG-5FGC...

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16792 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16792 Source advisory: OSV:PYSEC-2020-178...

chellow (>=2050.0.0 <=2233.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16789 via waitress (>=0.8.10 <=1.4.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: CVE-2019-16789 Source advisory: OSV:GHSA-968F-66R5-5V74...

chellow (>=2050.0.0 <=2231.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by unknown CVE via waitress (>=0.8.10 <=1.4.0)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.5 Source cves: unknown CVE Source advisory: OSV:GHSA-M5FF-3WJ3-8PH4...

chellow (>=2050.0.0 <=2230.0.0), dcicsnovault (>=2.0.0b0 <=2.0.0b11) +11 more potentially affected by CVE-2019-16786 via waitress (>=0.8.10 <=1.3.1)

waitress PYPI version =0.8.10, =2050.0.0, =2.0.0b0, =1.4.0, =17.4.0, =1.1.0.dev20170908, =1.3.7, =0.9.1, =1.0.3, =1.0.4 Source cves: CVE-2019-16786 Source advisory: OSV:GHSA-G2XC-35JW-C63P...

kinto.co.jp XSS vulnerability

Open Bug Bounty ID: OBB-186418 Description| Value ---|--- Affected Website:| kinto.co.jp Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...