Lucene search
+L

5 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 9:13 p.m.9 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits0References3
Veracode
Veracode
added 2025/03/07 6:39 a.m.9 views

Authentication Bypass

github.com/minio/minio is vulnerable to Authentication bypass. The vulnerability is due to improper enforcement of SSH key validation when using LDAP as an external identity provider, allowing unauthorized access if the sshPublicKey attribute is missing...

8.2CVSS7.1AI score0.00512EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/02 9:19 p.m.16 views

CVE-2025-27414

A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...

7.4CVSS6.3AI score0.00512EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.5 views

PT-2025-9136 · Minio · Minio

Name of the Vulnerable Software and Affected Versions: MinIO versions RELEASE.2024-06-06T09-36-42Z through RELEASE.2025-02-28T09-55-16Z Description: A bug in MinIO's evaluation of the trust of the SSH key used in an SFTP connection allows authentication bypass and unauthorized data access. This...

9.9CVSS7.5AI score0.93027EPSS
Exploits19References43
Positive Technologies
Positive Technologies
added 2022/05/11 12:0 a.m.6 views

PT-2022-3916 · Unknown · Pinniped Supervisor

Name of the Vulnerable Software and Affected Versions: Pinniped Supervisor affected versions not specified Description: An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources. The issue allows an attack where a malicious us...

8.5CVSS6.6AI score0.00925EPSS
Exploits0References8
Rows per page
Query Builder