18 matches found
EUVD-2022-3442
Malicious code in bioql PyPI...
CVE-2021-36539
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL canvadocsessionurl...
BIT-CANVASLMS-2021-36539
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL canvadocsessionurl...
CVE-2021-36539
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL canvadocsessionurl...
Design/Logic Flaw
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL canvadocsessionurl...
Instructure Canvas LMS Information Disclosure Vulnerability
Canvas LMS is an open source learning management system from Instructure Open Source. Instructure Canvas LMS has a security vulnerability that stems from not properly denying access to locked or unreleased files...
PT-2023-12286 · Instructure · Instructure Canvas Lms
Name of the Vulnerable Software and Affected Versions: Instructure Canvas LMS (affected versions not specified). Description: The issue concerns improper access control in Instructure Canvas LMS, where unprivileged users can access locked or unpublished files through the DocViewer based file preview...
Stored XSS vulnerability in Locked Files Report Plugin
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CloudBees Jenkins Locked Files Report Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A cross-site script execution...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
CVE-2020-2271 affects Jenkins Locked Files Report Plugin (versions ≤ 1.6). The issue is a stored XSS where locked files’ names are not escaped in tooltips, exploitable by attackers with Job/Configure permission. Root cause: insufficient escaping in tooltip rendering. Impact is XSS within Jenkins ...
PT-2020-15496 · Jenkins · Jenkins Locked Files Report Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Locked Files Report Plugin versions 1.6 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because locked files' names in tooltips are not properly escaped. This can be exploite...
U.S. Dept Of Defense: █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files
Summary: To download a file, ████ directs users to /██████████/Download.aspx and sets a cookie authenticating the download. The cookie looks like this: pickup=Subject=&PackageID=MTU4NDgzMTU=███ If an attacker can generate this cookie, this allows downloading a file. As it turns out, the generatio...
Information Disclosure
bepasty is vulnerable to information disclosure. A user that's not an admin can access the metadata of locked files...
Pre-open files attack against locked file
Hello lists, hello Roger. It's me again. Sorry for annoyance, but there is one more attack vector with pre-open files I meant, but forgot to mention. It seems dangerous enough and needs to be investigated for different applications. Attack is against application relying on mandatory locks. Attack...