37 matches found
EUVD-2024-3570
Malicious code in bioql PyPI...
EUVD-2024-3590
Malicious code in bioql PyPI...
EUVD-2024-3544
Malicious code in bioql PyPI...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-55186
An IDOR Insecure Direct Object Reference vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
Insecure Direct Object Reference (IDOR)
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient access control. Specifically, the application does not properly validate or restrict a user's access to resources based on their identity, allowing them to manipulate parameters like...
Insecure Direct Object Reference (IDOR)
oqtane.framework is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient authorization checks in the Oqtane.Controllers.UserController, allows attackers to manipulate the id parameter to access sensitive information belonging to other users...
Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
GHSA-2HR5-CVWP-JR5W Oqtane Framework Insecure Direct Object Reference vulnerability
An IDOR Insecure Direct Object Reference vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in Oqtane.Controllers.UserController. Remediation Upgrade Oqtane.Server to version 6.0.1 or higher. References - GitHub Commit - GitHub PR - Medium Blog Credit: Rudra...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in Oqtane.Controllers.UserController. Remediation Upgrade Oqtane.Framework to version 6.0.1 or higher. References - GitHub Commit - GitHub PR - Medium Blog Credit:...
Oqtane Framework Insecure Direct Object Reference vulnerability
An IDOR Insecure Direct Object Reference vulnerability exists in Oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...
GHSA-HHCW-WWXV-G95C Oqtane Framework Insecure Direct Object Reference vulnerability
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
GHSA-995C-QWW8-64FJ Oqtane Framework Incorrect Access Control vulnerability
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation Upgrade Oqtane.Framework to version 6.0.1 or higher. References -...
Oqtane Framework Incorrect Access Control vulnerability
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55471
Oqtane Framework is vulnerable to Insecure Direct Object Reference IDOR in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter...
CVE-2024-55186
An IDOR Insecure Direct Object Reference vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging...