2356 matches found
CVE-2020-10959
CVE-2020-10959 affects MediaWiki and is tied to the file resources/src/mediawiki.page.ready/ready.js . The vulnerability allows remote attackers to force a user logout and trigger an external redirection through HTML content in a MediaWiki page when running versions before 1.35.0. The connected d...
CVE-2020-10959
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page...
PT-2020-12450 · Wikimedia +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35; MediaWiki versions prior to 1.34.0-rc.0. Description: The issue allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. This is achieved by exploiting the...
keycloak: problem with privacy after user logout
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section...
RHEL 7 : Red Hat Single Sign-On 7.3.8 security update on RHEL 7 (Important) (RHSA-2020:2107)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2107 advisory. Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
F5 NGINX Controller Authorization Issues Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.3.0, which stems from t...
CVE-2020-5894
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out...
CVE-2020-5894
The CVE-2020-5894 issue affects NGINX Controller webserver versions 3.0.0–3.3.0. The root cause is that server-side session tokens are not invalidated after logout, enabling a remote attacker who has a valid token to reuse it until it expires. The official advisory indicates that upgrades to 3.4....
DEBIAN-CVE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
UBUNTU-CVE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
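The Roundcube entries above describe a logout that any cross-site request could trigger because the CSRF check did not cover the request method used. The following is an added illustration, not Roundcube's code: a minimal in-memory session store with a permissive logout handler beside one that requires a POST carrying the session's own CSRF token. The `Request` and `Session` classes, the `sid` cookie name and the `_token` form field are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    # Per-session secret that a cross-site page cannot read (hypothetical field name).
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    cookies: dict
    form: dict


# Hypothetical server-side session table: session id -> Session.
SESSIONS: dict = {}


def new_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = Session(user)
    return sid


def permissive_logout(req: Request) -> str:
    """Vulnerable pattern: any request that carries the session cookie ends the session.

    A cross-site <img src=".../?_task=logout"> or an auto-submitted form is enough,
    because the browser attaches the cookie and nothing else is verified.
    """
    sid = req.cookies.get("sid")
    if sid not in SESSIONS:
        return "no_session"
    del SESSIONS[sid]
    return "logged_out"


def strict_logout(req: Request) -> str:
    """Hardened pattern: logout must be a POST and must present the session's CSRF token."""
    sid = req.cookies.get("sid")
    sess = SESSIONS.get(sid)
    if sess is None:
        return "no_session"
    # Links and image tags only produce GET; refuse those outright.
    if req.method != "POST":
        return "rejected"
    # A cross-site auto-submitted form can still POST, but it cannot know this token,
    # so the token check is what actually closes the hole. Constant-time compare.
    token = req.form.get("_token", "")
    if not hmac.compare_digest(token, sess.csrf_token):
        return "rejected"
    del SESSIONS[sid]
    return "logged_out"


def demo() -> dict:
    """Exercise both handlers with a forged GET, a forged POST and a legitimate POST."""
    sid = new_session("alice")
    results = {
        "forged_get": strict_logout(Request("GET", {"sid": sid}, {})),
        "forged_post": strict_logout(Request("POST", {"sid": sid}, {"_token": "guess"})),
    }
    results["still_logged_in"] = sid in SESSIONS
    legit = Request("POST", {"sid": sid}, {"_token": SESSIONS[sid].csrf_token})
    results["legit_post"] = strict_logout(legit)
    # The permissive handler falls to the same forged GET.
    sid2 = new_session("bob")
    results["permissive_forged_get"] = permissive_logout(Request("GET", {"sid": sid2}, {}))
    return results


if __name__ == "__main__":
    print(demo())
```

A `SameSite=Lax` or `Strict` attribute on the session cookie is a worthwhile second layer, but the token check is what makes the handler safe in browsers that do not honour it.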
Apache NiFi Registry Code Issue Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation in the United States. The system is primarily used for data routing, transformation, and system intermediary logic. NiFi Registry is one of the registries used to store and manage the versioning process. A...
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
Authentication flaw
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...
CVE-2020-10959
A flaw was found in MediaWiki, where an attacker can control the MediaWiki logout redirect URL. This flaw allows an attacker with the ability to create wiki pages, to change the logout URL that a user is redirected to when logging out...
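The MediaWiki entries above concern a logout whose redirect target an attacker can influence. The function below is an added example of validating a post-logout redirect target against the site's own origin; it is not MediaWiki's fix and the function and parameter names are assumptions. It goes slightly beyond the page by handling the usual bypasses (protocol-relative `//host`, backslash paths, `user@host` authority tricks, non-http schemes and embedded control characters).

```python
from urllib.parse import urlsplit


def safe_redirect_target(requested: str, site_origin: str, fallback: str = "/") -> str:
    """Return `requested` only if it stays on `site_origin`; otherwise return `fallback`.

    `site_origin` is the scheme and host[:port] the application is served from,
    e.g. "https://example.org" (hypothetical value used in the tests).
    """
    if not requested:
        return fallback
    # Tabs, newlines and other control characters are used to smuggle schemes past
    # naive checks ("java\tscript:"); refuse them rather than trying to normalise.
    if any(ord(c) < 0x21 for c in requested):
        return fallback

    parts = urlsplit(requested)
    origin = urlsplit(site_origin)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: accept only an exact origin match.
        # "//evil.example" has an empty scheme and fails here; "https://example.org@evil.example"
        # has netloc "example.org@evil.example" and fails too. A port mismatch also fails,
        # which is deliberately strict.
        same_scheme = parts.scheme.lower() == origin.scheme.lower()
        same_host = parts.netloc.lower() == origin.netloc.lower()
        return requested if (same_scheme and same_host) else fallback

    # Relative reference: require an absolute path on this site. "/\\evil.example" is
    # rejected because browsers treat the backslash as a slash and go off-site.
    path = parts.path
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        return fallback
    return requested


if __name__ == "__main__":
    for target in ["/wiki/Main_Page", "//evil.example/", "/\\evil.example",
                   "https://example.org/wiki/X", "https://evil.example/", "javascript:alert(1)"]:
        print(repr(target), "->", safe_redirect_target(target, "https://example.org"))
```

Where the application already knows the page the user came from, prefer passing an internal page identifier (as MediaWiki's `returnto` parameter names a wiki page rather than a URL) and resolving it server-side; validating raw URLs is the fallback when that is not possible.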
ZSQL: Audit Level
Audit logs are important in tracing data, locating faults, and clarifying responsibilities after security events occur. Database audit is configured by setting the AUDITLEVEL parameter. AUDITLEVEL = 0 disables audit logs. If AUDITLEVEL is set to a value greater than 0, audit logs are enabled, and...
IBM Security Information Queue Information Disclosure Vulnerability (CNVD-2020-22189)
IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue ISIQ that stems from the program's...
Security Bulletin: IBM Security Information Queue does not invalidate sessions after logout (CVE-2020-4291)
Summary IBM Security Information Queue ISIQ session identifiers are not properly invalidated upon user logout from ISIQ's web UI. This creates an opportunity for an attacker to hijack a user session token. As of v1.0.6, ISIQ immediately invalidates the session token when a user logs out...
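The NGINX Controller, NiFi Registry and ISIQ entries above share one defect: logout discards the client's copy of a token while the server keeps accepting the same token until it expires (up to 12 hours in the NiFi Registry case). The following added example, which is not code from any of those projects, uses a small HMAC-signed bearer token to show the stateless "client-side only" logout beside a logout that records the token's identifier in a server-side revocation list. The token layout (`jti.user.exp.sig`), the signing key and the function names are assumptions for the illustration; the revocation list only needs to hold entries until the token's own expiry.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server signing key; a real deployment loads this from configuration.
SECRET = secrets.token_bytes(32)

# Server-side revocation list: token id (jti) -> expiry timestamp.
REVOKED: dict = {}


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, ttl_seconds: int = 12 * 3600, now=None) -> str:
    """Mint a token valid for `ttl_seconds` (12 h by default, mirroring the NiFi figure).

    `user` must not contain '.', which is the field separator in this toy format.
    """
    now = time.time() if now is None else now
    jti = secrets.token_hex(8)
    payload = f"{jti}.{user}.{int(now + ttl_seconds)}"
    return f"{payload}.{_sign(payload)}"


def parse_token(token: str, now=None):
    """Return (jti, user, exp) if the signature verifies and the token is unexpired, else None."""
    try:
        jti, user, exp, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(f"{jti}.{user}.{exp}")):
        return None
    now = time.time() if now is None else now
    if now >= int(exp):
        return None
    return jti, user, int(exp)


def authenticate_stateless(token: str, now=None):
    """Vulnerable pattern: any well-signed, unexpired token is accepted, logged out or not."""
    parsed = parse_token(token, now)
    return parsed[1] if parsed else None


def logout_client_only(token: str) -> None:
    """Vulnerable pattern: the server changes nothing; only the client forgets the token."""
    return None


def logout_revoke(token: str, now=None) -> bool:
    """Hardened pattern: record the token id so later presentations are refused."""
    parsed = parse_token(token, now)
    if parsed is None:
        return False
    jti, _user, exp = parsed
    REVOKED[jti] = exp
    return True


def authenticate_checked(token: str, now=None):
    """Hardened pattern: signature, expiry and the revocation list must all pass."""
    parsed = parse_token(token, now)
    if parsed is None or parsed[0] in REVOKED:
        return None
    return parsed[1]


def prune_revoked(now=None) -> int:
    """Drop revocation entries whose tokens have expired on their own; returns entries left."""
    now = time.time() if now is None else now
    for jti, exp in list(REVOKED.items()):
        if now >= exp:
            del REVOKED[jti]
    return len(REVOKED)


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_token("alice", now=t0)
    logout_client_only(tok)
    print("after client-only logout, token still accepted:", authenticate_stateless(tok, now=t0 + 3600))
    logout_revoke(tok, now=t0 + 60)
    print("after server-side revocation:", authenticate_checked(tok, now=t0 + 3600))
```

For opaque session identifiers rather than signed tokens the fix is simpler still: delete the server-side session record on logout. The revocation list is only needed when the server has chosen not to keep per-session state, and it must be consulted on every request, not just at login.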
MediaWiki 1.34.0 URL Redirect Vulnerability - Windows
MediaWiki is prone to a URL redirect vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MediaWiki 1.34.0 URL Redirect Vulnerability - Linux
MediaWiki is prone to a URL redirect vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...