15 matches found
CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-28735
Mattermost versions 10.11.x up to 10.11.14, 11.4.x up to 11.4.4, 11.5.x up to 11.5.3, and 11.6.x up to 11.6.0 fail to validate the OAuth token scope on the callback, enabling an authenticated Mattermost user to gain access to private repositories by modifying the scope parameter in the GitHub aut...
CVE-2026-28735
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...
CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-1322 Business Logic Errors in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-43886 Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...
CVE-2026-43886
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...
CVE-2026-43886
Outline (0.84.0–1.6.1) suffers a logic error in OAuthInterface.validateScope() that uses Array.some() to validate requested scopes, causing any valid scope to validate the whole requested scope array and enable a wildcard via scope=read *. This can escalate a read‑only token to full unrestricted ...
CVE-2022-39230
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
PT-2024-31405 · Jinja2 +1 · Jinja2 +1
Name of the Vulnerable Software and Affected Versions: Fides versions 2.19.0 through 2.43.x Description: The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
CVE-2022-39230
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
Authorization
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
CVE-2022-39230 Security issue in fhir-works-on-aws-authz-smart
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the client’s...
UBUNTU-CVE-2020-13300
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...
PT-2020-13441 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3 through 13.3.3 Description: The issue concerns an OAuth authorization scope change without user consent in the middle of the authorization flow. Recommendations: For GitLab CE/EE versions 13.3 through 13.3.3, update...