Gitea Container Registry - Unauthorized Private Image Access
Gitea = 1.26.2. As a temporary workaround, set REQUIRE_SIGNIN_VIEW=true in Gitea's app.ini, though this blocks all anonymous access, including access to public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...
PYSEC-2026-150
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
Improper Handling of Insufficient Permissions or Privileges
Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items...
EUVD-2012-1606
Malware in sbrugna...
EUVD-2022-1990
Malicious code in bioql PyPI...
SUSE CVE-2015-7561
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image...
SUSE CVE-2010-1190
thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as imgauth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations...
Information Exposure
Overview: mediawiki/core is a free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the imgauth.php process. ...
GHSA-2H9C-34V6-3QMR Kubernetes in OpenShift3 Access Control Misconfiguration
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image...
Kubernetes in OpenShift3 Access Control Misconfiguration
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image...
Red Hat OpenShift3 Kubernetes Sensitive Information Disclosure Vulnerability
Red Hat OpenShift3 is a Platform-as-a-Service (PaaS) cloud computing platform that builds, tests, deploys and runs applications. A security vulnerability in Red Hat OpenShift3 Kubernetes allows remote attackers to exploit the vulnerability by submitting a special request to access images that are...
CVE-2015-7561
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image...
Code injection
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image...
CVE-2015-7561
CVE-2015-7561 in Kubernetes/OpenShift3: remote authenticated users can access other users’ private images if they know the image name. The description provided notes the impact as cross-user image access, but the documents do not specify the root cause details (e.g., how image ownership is enforc...
PT-2017-7225 · Red Hat +1 · Openshift +1
Name of the Vulnerable Software and Affected Versions: OpenShift3 (affected versions not specified). Description: The issue allows remote authenticated users to access private images of other users if they know the image name. This is due to an access control misconfiguration in Kubernetes within...
CVE-2012-1591
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles...
CVE-2012-1591
Removed by vendor...