3 matches found
PT-2026-41189
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An issue exists where users granted read access to a model can also read the model's system prompt, which may contain confidential information. This occurs because the workspace model edit page...
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path
An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...
CVE-2011-4361
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by 1 leveraging the SpecialUpload::ajaxGetExistsWarning function, or by 2 leveraging an extension, as demonstrated by the CategoryTree,...