4 matches found
CVE-2024-28024
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere...
CVE-2021-27757
" Insecure password storage issue.The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Since the information is stored in cleartext, attackers could potentially read it and gain access to sensitive information."...
CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...
GitLab: Steal private objects of other projects via project import
Summary An attacker could transfer issues, merge requests of another project to the imported project by importing a crafted GitLab export. Steps to reproduce 1. Import the attached tarball as GitLab export. 2. Check the issues page of the imported project. You will see an private issue created by...