File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
Summary: File Browser enforces per-user scope with `afero.NewBasePathFs(afero.NewOsFs(), scope)`, set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...
CVE-2024-51004
Netgear R8500 (v1.0.2.160) and R7000P (v1.3.3.154) expose multiple stack overflow vulnerabilities in the usb_device.cgi component, exploitable via cifs_user, read_access, and write_access parameters. A crafted POST to the /usb_device.cgi endpoint can cause a Denial of Service. Connected sources c...
Incorrect Authorization in Jenkins Core
Jenkins versions before 2.44 are vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes that a...
UBUNTU-CVE-2016-10148
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to...