29 matches found
EUVD-2024-50711
Malicious code in bioql PyPI...
CVE-2024-12247
Mattermost versions 9.7.x = 9.7.5, 9.8.x = 9.8.2 and 9.9.x = 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247
Mattermost versions 9.7.x = 9.7.5, 9.8.x = 9.8.2 and 9.9.x = 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247
Mattermost versions 9.7.x = 9.7.5, 9.8.x = 9.8.2 and 9.9.x = 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247 Improper propagation of permission scheme updates across cluster nodes
Mattermost versions 9.7.x = 9.7.5, 9.8.x = 9.8.2 and 9.9.x = 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247
Summary: CVE-2024-12247 affects Mattermost. Affected versions: 9.7.x up to 9.7.5, 9.8.x up to 9.8.2, and 9.9.x up to 9.9.2. Root cause: failure to propagate permission scheme updates across cluster nodes. Impact: a user can retain old permissions even after the permission scheme is updated. Evide...
"Browse Project" permission set to specific values overrides the customer permission that results in the project getting exposed in the customer portal
h3. Steps to Reproduce In JSD project A, set the customer permission as "Who can access the portal and send requests to ?": "Customers my team adds to the project" Confirm that the project has no customers added Access the portal by a customer that has access to customer portal customer that is...
Granting the 'Browse Project Archive' permission to a 'Custom Field' within a permission scheme allows all users to see archived issues in result set
h3. Issue Summary If within a project the 'Browse Project Archive' and 'Browse Project' permissions are granted to 'Group Custom Field' or to the 'Reporter' option within the permission scheme, the project will become available to search for any user with the 'Browse Project Archive' permission i...
CVE-2021-0235
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to...
CVE-2021-0235 Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks
On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to...
Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme
h3. Issue Summary For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the Permission change, Project Administrators, that should not have access to change the...
Project administrator is able to migrate Permission Scheme
panel:title=Atlassian status update as of 12th July 2018 Hello Customers, We’ve addressed this bug and the fix is available on all version of Jira Service Desk 3.9 and above. For more information please refer to the documentation here...
Project administrator is able to migrate Permission Scheme
panel:title=Atlassian status update as of 12th July 2018 Hello Customers, We’ve addressed this bug and the fix is available on all version of Jira Service Desk 3.9 and above. For more information please refer to the documentation here...
Grant "Browse Project" permission to "Current Assignee" makes project visible to all users
h3. Summary This bug is related to closed bug ticket https://jira.atlassian.com/browse/JRA-8950 When the Current Assignee is given the Browse Project Permission, other users are able to view this Project. They can't necessarily view issues or create issues, but they can see the project from the...
As a developer or release manager I want to be able to create and manage versions in JIRA without having to be given project admin permissions
Currently JIRA only allows a user to create, release and generally manage versions in a project if the user is a project admin. However there are numerous use cases where developers, release managers, project managers, etc. need to be able to perform this function but don't need full admin rights...
As a developer or release manager I want to be able to create and manage versions in JIRA without having to be given project admin permissions
Currently JIRA only allows a user to create, release and generally manage versions in a project if the user is a project admin. However there are numerous use cases where developers, release managers, project managers, etc. need to be able to perform this function but don't need full admin rights...
"User Custom Field Value" permission type incorrectly exposes JIRA project names to everyone
Problem: Project names are shown to users with no permission to see the project. Impact: Security hole! Recipe: it helps to have two browsers open one logged in as admin the other as the user I will create called dummy Add user dummy Add project blah Add custom field myuser of type user picker,...
"Current Assignee" on Browse Permission problem
I have created a permission scheme in Jira but I am experiencing an odd behaviour. I have 5 users in Jira and in the permission scheme, the Browse Projects is assigned to: - Project Lead - Project Role Administrators - Project Role Clients Among the 5 users, 3 fit these categories. One is a proje...
"Current Assignee" on Browse Permission problem
I have created a permission scheme in Jira but I am experiencing an odd behaviour. I have 5 users in Jira and in the permission scheme, the Browse Projects is assigned to: - Project Lead - Project Role Administrators - Project Role Clients Among the 5 users, 3 fit these categories. One is a proje...
"Current Assignee" on Browse Permission problem
I have created a permission scheme in Jira but I am experiencing an odd behaviour. I have 5 users in Jira and in the permission scheme, the Browse Projects is assigned to: - Project Lead - Project Role Administrators - Project Role Clients Among the 5 users, 3 fit these categories. One is a proje...