Lucene search
K

24 matches found

OSV
OSV
added 2025/02/19 8:40 a.m.7 views

CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

6.9CVSS6AI score0.00473EPSS
Exploits1References4
CVE
CVE
added 2025/02/19 8:40 a.m.85 views

CVE-2025-1007

CVE-2025-1007 affects OpenVSX, specifically versions v0.9.0 through v0.20.0. The vulnerability arises in the /user/namespace/{namespace}/details API (and the related /user/namespace/{namespace}/details/logo) where a non-owner/non-contributor user can edit all namespace details (name, description,...

6.9CVSS6.3AI score0.00473EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/02/19 8:40 a.m.13 views

CVE-2025-1007 Improper Authorization in /user/namespace/{namespace}/details

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/namespace/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and social media links. The same issues existed in...

6.9CVSS0.00473EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/19 12:0 a.m.11 views

PT-2025-7484 · Openvsx · Openvsx

Name of the Vulnerable Software and Affected Versions: OpenVSX versions v0.9.0 through v0.20.0 Description: The issue allows a user to edit all namespace details, including name, description, website, support link, and social media links, even if the user is not a namespace Owner or Contributor...

6.9CVSS6.1AI score0.00473EPSS
Exploits1References8
Rows per page
Query Builder