
10 matches found

Positive Technologies
added 2026/05/27 12:0 a.m., 2 views

PT-2026-44163

Summary: The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details: File: server/api/projects/index.js (JavaScript): prjApp.get("/api/project", secureFnc, function(req, res) { const permission = checkGroupsFnc(req);...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 4
CNVD
added 2025/11/10 12:0 a.m., 3 views

MantisBT Authorization Issue Vulnerability (CNVD-2025-28527)

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

5.3 CVSS, 6.9 AI score, 0.00045 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/11/04 12:0 a.m., 2 views

MantisBT Authorization Issue Vulnerability

MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. An authorization issue vulnerability exists in MantisBT 2.27.1 and earlier versions, which stems from insufficient...

5.3 CVSS, 6.5 AI score, 0.00045 EPSS
Exploits: 1, References: 4
OSV
added 2024/08/06 10:3 p.m., 15 views

GO-2024-3013 Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor...

6.4 CVSS, 5.2 AI score, 0.00222 EPSS
Exploits: 0, References: 2
Veracode
added 2024/08/01 5:55 a.m., 21 views

Improper Permission Validation

github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to the failure to validate maintainer role permissions when updating project configurations. Attackers can exploit this by sending requests to create, update, or delete metadata in a project they ...

6.4 CVSS, 6.7 AI score, 0.00222 EPSS
Exploits: 0, References: 2, Affected Software: 1
Github Security Blog
added 2024/07/31 4:53 p.m., 16 views

Harbor fails to validate the user permissions when updating project configurations

Impact: Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations. API calls: PUT /projects/projectnameorid/metadatas/metaname; POST /projects/projectnameorid/metadatas/metaname; DELETE /projects/projectnameorid/metadatas/metaname. By sendin...

6.4 CVSS, 6.8 AI score, 0.00222 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/07/31 4:53 p.m., 11 views

GHSA-HW28-333W-QXP3 Harbor fails to validate the user permissions when updating project configurations

Impact: Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations. API calls: PUT /projects/projectnameorid/metadatas/metaname; POST /projects/projectnameorid/metadatas/metaname; DELETE /projects/projectnameorid/metadatas/metaname. By sendin...

7 CVSS, 5.1 AI score, 0.00222 EPSS
Exploits: 0, References: 4
CNNVD
added 2023/10/12 12:0 a.m., 1 views

Zabbix Security Vulnerabilities

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from a security flaw in the Proxy, Server component that allows an attacker with...

9.1 CVSS, 7.9 AI score, 0.0072 EPSS
Exploits: 0, References: 3
Veracode
added 2023/08/06 2:39 p.m., 32 views

Privilege Escalation

gitlab is vulnerable to Privilege Escalation. This vulnerability occurs due to a flaw in the way that GitLab handles project tokens. An attacker with the "Maintainer" role on any project can exploit this vulnerability to gain the "Internal" role on the same project, which grants them elevated...

6.5 CVSS, 6.4 AI score, 0.00205 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2020/06/03 1:15 p.m., 1 views

CVE-2020-2197

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 2