GHSA-2GRH-GR37-2283 Solr search discloses email addresses of users

Impact The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. Patches This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1...

Solr search discloses email addresses of users

Impact The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. Patches This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1...

CVE-2022-2528

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...

CVE-2022-2528

CVE-2022-2528 affects Octopus Deploy. The issue allows uploading a package to the built-in feed with insufficient permissions after re-indexing packages. Per NVD, CVSS 3.1 base score 6.5 (Medium) with Network attack vector, low attack complexity, privileges required, no user interaction; impact i...

CVE-2022-2528

In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...

PT-2022-17185 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows uploading a package to the built-in feed with insufficient permissions after re-indexing packages. Recommendations: At the moment, there is no information about a...

A link to Re-Indexing is visible to users even if they are not sys admin

I saw this on EACJ where I am not a sys admin quote XXXX made configuration changes in section 'Custom Fields' at 01/Feb/10 1:16 PM. It is recommended that you perform a re-index. For more information, please click the Help icon. To perform the re-index now, please go to the 'Indexing' section...

A link to Re-Indexing is visible to users even if they are not sys admin

I saw this on EACJ where I am not a sys admin quote XXXX made configuration changes in section 'Custom Fields' at 01/Feb/10 1:16 PM. It is recommended that you perform a re-index. For more information, please click the Help icon. To perform the re-index now, please go to the 'Indexing' section...

A link to Re-Indexing is visible to users even if they are not sys admin

I saw this on EACJ where I am not a sys admin quote XXXX made configuration changes in section 'Custom Fields' at 01/Feb/10 1:16 PM. It is recommended that you perform a re-index. For more information, please click the Help icon. To perform the re-index now, please go to the 'Indexing' section...

When deleting an Issue Security Level issues need to be re-indexed

Create 1 security levels Put some issues into it Delete the level hence removing any security level from the issues You will not be able to find the issues any more - need to re-index...

When deleting an Issue Security Level issues need to be re-indexed

Create 1 security levels Put some issues into it Delete the level hence removing any security level from the issues You will not be able to find the issues any more - need to re-index...

When deleting an Issue Security Level issues need to be re-indexed

Create 1 security levels Put some issues into it Delete the level hence removing any security level from the issues You will not be able to find the issues any more - need to re-index...