11 matches found
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1, excessive privileges were possible due to storing a GitHub personal access token instead of an installation token...
EUVD-2024-50146
Malicious code in bioql PyPI...
Improper Authorization
Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creatin...
CVE-2024-9825
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by unauthorized deletion of a personal token. Habitat builder consumes the builder-api habitat package as a dependency and the...
CVE-2024-9825
The CVE-2024-9825 entry concerns the Chef Habitat builder-api on-prem-builder package. It states that any version older than habitat/builder-api/10315/20240913162802 is vulnerable to an IDOR issue that allows unauthorized deletion of a personal token, with the vulnerability attributed to the buil...
CVE-2024-9825 The Chef Habitat builder is impacted by Indirect Object Reference (IDOR) by deletion of personal access token
The Chef Habitat builder-api on-prem-builder package with any version lower than habitat/builder-api/10315/20240913162802 is vulnerable to indirect object reference (IDOR) by unauthorized deletion of a personal token. Habitat builder consumes the builder-api habitat package as a dependency and the...
iTop security vulnerability
iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop version 3.1.1, which stems from a cross-site scripting issue that may occur when displaying/editing a user's personal token...
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such a token it is possible to negotiate a GLPI session and hijack the...
UBUNTU-CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such a token it is possible to negotiate a GLPI session and hijack the...
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such a token it is possible to negotiate a GLPI session and hijack the...
CVE-2023-28634 GLPI vulnerable to Privilege Escalation from Technician to Super-Admin
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such a token it is possible to negotiate a GLPI session and hijack the...