Lucene search
K

5 matches found

OSV
OSV
added yesterday4 views

PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References7
OSV
OSV
added 2024/02/08 6:32 p.m.19 views

GHSA-HVP4-VRV2-8WRQ Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS6.3AI score0.00702EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/02/08 6:32 p.m.4 views

kinto-dist (>=0.7.0 <=18.0.2) potentially affected by CVE-2024-1314 via kinto-attachment (>=0.8.0 <=6.0.2)

kinto-attachment PYPI version =0.8.0, =0.7.0, =18.0.2 Source cves: CVE-2024-1314 Source advisory: OSV:GHSA-HVP4-VRV2-8WRQ...

5.5AI score0.00702EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/02/08 6:32 p.m.18 views

Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

6.4AI score0.00702EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.7 views

PT-2024-17934

Name of the Vulnerable Software and Affected Versions kinto-attachment versions prior to 6.4.0 Description The issue allows an attachment file of an existing record to be replaced if a user has read permission on one of the parent collections or buckets. Furthermore, if the read permission is...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References9
Rows per page
Query Builder