11 matches found
BIT-GITLAB-2022-0172
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...
DEBIAN-CVE-2023-33970
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a missing access control was found, which allows a user with the lowest privileges to leak all the task and project titles within the software, even if they are not invited or...
Kanboard security vulnerability
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels to suit the business. A security vulnerability exists in Kanboard 1.2.29 and earlier versions, which stems from a lack of access control and allows a low-privileged user to disclose...
PT-2023-24610 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.30. Description: A missing access control issue was found in Kanboard, allowing a user with the lowest privileges to leak all task and project titles, even if they are not invited or it's a personal project. This...
SUSE CVE-2018-17449
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...
IDOR Disclosure of Private Project Titles - CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References IDOR vulnerability in the Administration Permission Helper. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.7 8.6.0 ≤ version 8.9.2...
CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability...
Authorization
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability...
Improper authorization on project titles vulnerability in Jira - CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. Note on fix: The fix was tested internally before backporting it and no issues were...