Lucene search
K

8 matches found

Snyk
Snyk
added 2026/06/05 9:44 p.m.8 views

Missing Authorization

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Missing Authorization in the lookup process for sourcemaps and debug files, which was not properly scoped to the owning project. An attacker can access source context or symbolication-derived...

5.3CVSS5.4AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 9:43 p.m.6 views

GHSA-G5VC-Q7QC-V939 Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known

Description Bugsink’s issue list supports bulk actions such as resolving or muting selected issues. In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 9:43 p.m.6 views

GHSA-VX2F-6M6H-9FRF Bugsink: Issue event views can show an event from another project if its UUID is known

Description Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a logged-in user with access to one project can view anoth...

3.1CVSS5.3AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/05/26 5:16 p.m.25 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS0.00154EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 4:22 p.m.10 views

CVE-2026-47715 Bugsink: Issue event views can show an event from another project if its UUID is known

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:22 p.m.10 views

CVE-2026-47715

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a...

3.1CVSS5.8AI score0.00154EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43305

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.0 Description Bugsink is a self-hosted error tracking tool. A project-boundary authorization issue exists where issue event pages accept a direct event identifier from the URL and retrieve the event without...

3.1CVSS5.4AI score0.00154EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 5:31 p.m.6 views

GHSA-Q9M2-FHV9-3JCF `potato-annotation` has a Project-Boundary Bypass

Summary validatepathsecurity uses string-prefix containment startswith for boundary checks. This allows paths that are outside the intended project directory but share its prefix string e.g., /tmp/potatoprojdemoevil/... vs /tmp/potatoprojdemo to be accepted. Details Affected source location root...

5.1CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder