GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It features built-in version control, issue tracking, code review, and CI/CD continuous integration and delivery capabilities. There is a security vulnerability in GitLab, which stems from improper...

CVE-2022-35921

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...

CVE-2023-22487

Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special @""p syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post...

Flarum 访问控制错误漏洞

Flarum is an open source forum system for the Flarum community. An access control error vulnerability exists in flarum mention versions prior to 1.6.3, which stems from allowing the disclosure of all posts in the forum database, including posts awaiting approval, posts in tags to which the user...

Byobu user preference to prevent private discussions being started are not respected

Impact Users electing to prevent others starting private discussions with themselves. Please note that admins and others with appropriate permissions can always bypass this preference, as was the case before. Patches Users of Byobu should update the extension to version 1.1.7, where this has been...

GHSA-6GJM-6WJ6-4PX5 Byobu user preference to prevent private discussions being started are not respected

Impact Users electing to prevent others starting private discussions with themselves. Please note that admins and others with appropriate permissions can always bypass this preference, as was the case before. Patches Users of Byobu should update the extension to version 1.1.7, where this has been...

CVE-2022-35921 User preference to prevent private discussions not respected in fof/byobu

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...

CVE-2022-35921

fof/byobu is a private discussions extension for Flarum. The issue: private discussion disablement is not respected, risking leakage of private discussions. A patch exists in version 1.1.7, and users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or disable the extension i...

CVE-2022-35921 User preference to prevent private discussions not respected in fof/byobu

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...

Flarum 安全漏洞

Flarum is an open source forum system for the Flarum community. A security vulnerability exists in Flarum's Byobu extension prior to version 1.1.7, which stems from the fact that Byobu is a private discussion extension for the Flarum forums, and the affected version was found to not allow private...

PT-2022-23027 · Flarum +2 · Flarum +2

Name of the Vulnerable Software and Affected Versions: fof/byobu versions prior to 1.1.7 Description: The issue concerns the fof/byobu private discussions extension for Flarum forum, where affected versions do not respect private discussion disablement by users. This means users who have chosen t...

Activist Leaks 11,000 Private Messages from WikiLeaks' Twitter Chats

An activist has just leaked thousands of private messages of an organization that's been known to publishing others' secrets. More than 11,000 direct messages from a Twitter group used by WikiLeaks and around 10 close supporters have been posted online by journalist and activist Emma Best, exposi...

Vanilla: A user can comment in private discussions without having permission to access the discussion

Hello team, I have found a vulnerability which allows a user who does not have access to a discussion to comment on it and thus avoid the control applied. http://littleguy.vanillastaging.com/ Proof Of Concept ============= For this proof of concept I have used 3 users. User A creates a PRIVATE...