93 matches found
PT-2023-24615 · Briar · Briar
Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.4.22 Description: The issue allows attackers to spoof other users' messages in a blog, forum, or private group. However, each spoofed message would need to be an exact duplicate of a legitimate message displayed...
Briar 安全漏洞
Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in versions of Briar prior to 1.4....
CVE-2022-41913
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
Design/Logic Flaw
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913 Discourse-calendar exposes members of hidden groups
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913 Discourse-calendar exposes members of hidden groups
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913 Discourse-calendar exposes members of hidden groups
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability onl...
CVE-2022-41913
CVE-2022-41913 affects the Discourse-calendar plugin for Discourse. When discourse_post_event_enabled is on, users can list members of private groups or private-group members in dynamic calendar posts, enabling disclosure of group membership. The issue is mitigated by upgrading to a version that ...
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...
Code injection
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...
CVE-2021-39876
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups...
CVE-2021-39876
CVE-2021-39876 affects GitLab CE/EE starting from version 11.3, where the autocomplete endpoint for Assignee discloses members of private groups. The root cause is an information-disclosure flaw in the Assignee autocomplete functionality, enabling partial confidentiality breach. Impact stated in ...
CVE-2021-39876
Removed by vendor...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
UBUNTU-CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
CVE-2021-39905
Removed by vendor...