3 matches found
CVE-2026-59093 Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment
Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...
Jenkins Enterprise and Operations Center < 2.249.31.0.5 / 2.289.1.2 Multiple Vulnerabilities (CloudBees Security Advisory 2021-06-02)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.5, or 2.x prior to 2.289.1.2. It is, therefore, affected by multiple vulnerabilities, including the following: - A flaw exists in CloudBees Jenkins due to RBAC role...
Security update 1970-01-01
...