1697 matches found

Prion
added 2022/04/12 6:15 p.m. · 25 views

Design/Logic Flaw

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...

CVSS 9 · AI score 8.7 · EPSS 0.00345
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/04/12 5:20 p.m. · 20 views

CVE-2022-24842 Improper Privilege Management in MinIO

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...

CVSS 8.8 · AI score 8.4 · EPSS 0.00345
Exploits 1 · References 5
Cvelist
added 2022/04/12 5:20 p.m. · 19 views

CVE-2022-24842 Improper Privilege Management in MinIO

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...

CVSS 8.8 · AI score 9 · EPSS 0.00345
Exploits 1 · References 3
CNNVD
added 2022/04/12 12:0 a.m. · 2 views

Jenkins Pipeline Access Control Error Vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline is a suite of plugins that support the implementation and integration of continuous delivery pipelines int...

CVSS 5.3 · AI score 5.8 · EPSS 0.0008
Exploits 0 · References 12
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-19387 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 564.ve62a_4eb_b_e039 and earlier, except version 2.21.3. Description: The issue allows attackers who can submit pull requests, but not commit directly to the configured SCM, to change t...

CVSS 7.3 · AI score 5.3 · EPSS 0.0008
Exploits 0 · References 6
ATTACKERKB
added 2022/04/11 8:15 p.m. · 2 views

CVE-2022-1193

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...

CVSS 4.3 · AI score 5.4 · EPSS 0.00139
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/04/01 11:15 p.m. · 18 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

CVSS 3.7 · AI score 6.7 · EPSS 0.00242
Exploits 0 · References 1
Snyk
added 2022/03/28 10:42 a.m. · 1 views

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Overview: git-pull-or-clone ensures a git repo exists on disk and that it's up-to-date. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to the use of the --upload-pack feature of git which is also supporte...

CVSS 9.8 · AI score 7.1 · EPSS 0.10388
Exploits 1 · References 2
Code423n4
added 2022/03/16 12:0 a.m. · 8 views

sendFundsToUser() does not verify that the user has deposited anything

Lines of code. Vulnerability details. Impact: Users can request arbitrary amounts when requesting funds from the executor, because the deposit hash is not checked against actual deposits. The user can be the executor him/herself if they wish to rug-pull directly. Proof of Concept: function...

AI score 7
Exploits 0
Nextcloud
added 2022/03/10 1:8 p.m. · 52 views

Folder names of "File Drop" share accessible

None...

CVSS 6.5 · AI score 5.5 · EPSS 0.00272
Exploits 0 · References 2 · Affected Software 1
Nextcloud
added 2022/03/09 6:52 a.m. · 37 views

High memory usage for generating preview of broken image

None...

CVSS 6.5 · AI score 6.3 · EPSS 0.00763
Exploits 1 · References 2 · Affected Software 1
Nextcloud
added 2022/03/08 4:12 p.m. · 52 views

User enumeration setting not obeyed in User Status API

None...

CVSS 5.3 · AI score 5.5 · EPSS 0.0037
Exploits 0 · References 2 · Affected Software 1
Nextcloud
added 2022/03/08 4:11 p.m. · 35 views

Geolocation preview links can be set to arbitrary links

None...

CVSS 6.1 · AI score 6.1 · EPSS 0.00187
Exploits 1 · References 2 · Affected Software 1
Openbugbounty
added 2022/03/07 3:50 p.m. · 8 views

cleanpullcord.co.uk Improper Access Control vulnerability OBB-2414694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.1
Exploits 0
Code423n4
added 2022/03/02 12:0 a.m. · 10 views

Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge

Lines of code. Vulnerability details. Impact: There is a Centralisation risk of the bridge where the DEFAULT_ADMIN_ROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...

AI score 6.8
Exploits 0
NVD
added 2022/02/25 3:15 p.m. · 9 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...

CVSS 6.5 · EPSS 0.00002
Exploits 0 · References 2
ATTACKERKB
added 2022/02/25 3:15 p.m. · 3 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...

CVSS 6.5 · AI score 6.6 · EPSS 0.00002
Exploits 0 · References 3
OSV
added 2022/02/25 3:15 p.m. · 0 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...

CVSS 6.5 · AI score 6.6 · EPSS 0.00002
Exploits 0 · References 2
Prion
added 2022/02/25 3:15 p.m. · 16 views

Design/Logic Flaw

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...

CVSS 4 · AI score 6.5 · EPSS 0.00002
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/02/25 2:35 p.m. · 10 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions...

AI score 7.4 · EPSS 0.00002
Exploits 0 · References 2