15 matches found
EUVD-2021-0160
Malware in sbrugna...
CVE-2021-37705
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
Microsoft OneFuzz has an unspecified vulnerability
Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation Microsoft.A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which c...
Privilege Escalation
onefuzz is vulnerable to privilege escalation. The vulnerability exists due to a lack of authorization check which allows a user to make API calls to a OneFuzz instance...
CVE-2021-37705
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
CVE-2021-37705
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
Authorization
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
PYSEC-2021-344
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
PYSEC-2021-344
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
Improper Authorization and Origin Validation Error in OneFuzz
Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...
CVE-2021-37705
Affected software : OneFuzz self-hosted fuzzing platform. Vulnerability : Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure AD tenant to make authorized API calls on a vulnerable OneFuzz instance when deployed with the non-defau...
CVE-2021-37705 Improper Authorization and Origin Validation Error in OneFuzz
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...
PT-2021-21824 · Microsoft · Onefuzz
Name of the Vulnerable Software and Affected Versions: OneFuzz versions 2.12.0 through 2.30.0 Description: The issue is related to an incomplete authorization check in OneFuzz, allowing an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFu...
Microsoft OneFuzz 授权问题漏洞
Microsoft OneFuzz is a cross-platform, free and open source fuzz testing framework from Microsoft Corporation Microsoft.A security vulnerability exists in Microsoft OneFuzz versions 2.12.0 through 2.31.0, which stems from an incomplete authorization check in the affected product versions, which c...
Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale
Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience...