GHSA-4RGQ-38MH-9XQG Admidio PKCS#12 private key export action lacks CSRF protection

Summary The sensitive mode=export action in modules/sso/keys.php exports a PKCS12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger private key export without a...

Admidio PKCS#12 private key export action lacks CSRF protection

Summary The sensitive mode=export action in modules/sso/keys.php exports a PKCS12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger private key export without a...

EUVD-2004-2535

Malware in sbrugna...

CVE-2017-15610

An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the...