4960 matches found

OSV
added 2024/03/06 11:7 a.m., 21 views

BIT-MAGENTO-2020-24404 Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVSS 5.5, AI score 3.4, EPSS 0.0156
Exploits: 0, References: 2

OSV
added 2024/03/06 11:3 a.m., 19 views

BIT-PARSE-2021-39138 New anonymous user session acts as if it's created with password

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...

CVSS 6.5, AI score 6.3, EPSS 0.00993
Exploits: 0, References: 4

OSV
added 2024/03/06 11:2 a.m., 22 views

BIT-JENKINS-2021-21639

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type...

CVSS 4.3, AI score 4.8, EPSS 0.02725
Exploits: 0, References: 3

OSV
added 2024/03/06 10:59 a.m., 19 views

BIT-JASPERREPORTS-2021-35494

The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS...

CVSS 5.7, AI score 4.9, EPSS 0.00486
Exploits: 0, References: 2

OSV
added 2024/03/06 10:58 a.m., 17 views

BIT-MLFLOW-2023-43472

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API...

CVSS 7.5, AI score 7.1, EPSS 0.36582
Exploits: 1, References: 2

OSV
added 2024/03/06 10:57 a.m., 30 views

BIT-GITLAB-2023-5061 Missing Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to override predefined CI variables via the...

CVSS 4.3, AI score 4.6, EPSS 0.00416
Exploits: 0, References: 3

OSV
added 2024/03/06 10:52 a.m., 29 views

BIT-AIRFLOW-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

CVSS 4.3, AI score 4.2, EPSS 0.01416
Exploits: 0, References: 4

OSV
added 2024/03/06 10:51 a.m., 9 views

BIT-ARTIFACTORY-2021-45721

JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting XSS through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory...

CVSS 6.1, AI score 6, EPSS 0.00488
Exploits: 0, References: 3

OSV
added 2024/03/06 10:51 a.m., 12 views

BIT-ARTIFACTORY-2021-46687

JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versio...

CVSS 6.8, AI score 5, EPSS 0.00685
Exploits: 0, References: 3

NVD
added 2024/03/05 2:15 a.m., 11 views

CVE-2024-1478

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

CVSS 5.3, AI score 5.1, EPSS 0.00532
Exploits: 0, References: 3

NVD
added 2024/03/05 2:15 a.m., 10 views

CVE-2024-1088

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

CVSS 5.3, AI score 5.2, EPSS 0.00577
Exploits: 0, References: 3

Prion
added 2024/03/05 2:15 a.m., 26 views

Design/Logic Flaw

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

CVSS 5, AI score 5.2, EPSS 0.00532
Exploits: 0, References: 2

Cvelist
added 2024/03/05 1:56 a.m., 18 views

CVE-2024-1088 Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

CVSS 5.3, AI score 5.4, EPSS 0.00577
Exploits: 0, References: 3

Vulnrichment
added 2024/03/05 1:56 a.m., 11 views

CVE-2024-1088

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content...

CVSS 5.3, AI score 6.7, EPSS 0.00577
Exploits: 0, References: 2

CVE
added 2024/03/05 1:56 a.m., 83 views

CVE-2024-1088

The CVE-2024-1088 entry covers the Password Protected Store for WooCommerce WordPress plugin, which allows unauthenticated REST API access to sensitive data (post titles and content) in all versions up to 1.9. Public sources corroborate this information and indicate a mitigation/patch: version 2....

CVSS 5.3, AI score 6.6, EPSS 0.00577
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2024/03/05 1:55 a.m., 11 views

CVE-2024-1478 Maintenance Mode <= 3.0.1 - Information Exposure

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

CVSS 5.3, AI score 6.7, EPSS 0.00532
Exploits: 0, References: 3

Cvelist
added 2024/03/05 1:55 a.m., 16 views

CVE-2024-1478 Maintenance Mode <= 3.0.1 - Information Exposure

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

CVSS 5.3, AI score 5.4, EPSS 0.00532
Exploits: 0, References: 3

WPVulnDB
added 2024/03/04 12:0 a.m., 13 views

Password Protected Store for WooCommerce < 2.3 - Unauthenticated Arbitrary Post Title & Content Access

Description: The plugin is vulnerable to Sensitive Information Exposure via the REST API, allowing unauthenticated attackers to extract sensitive data including post titles and content...

CVSS 5.3, AI score 6.8, EPSS 0.00577
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/03/04 12:0 a.m., 9 views

Maintenance Mode < 3.0.2 - Unauthenticated Post/Page Content Disclosure

Description: The plugin is vulnerable to Sensitive Information Exposure via the REST API, allowing unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin...

CVSS 5.3, AI score 6.3, EPSS 0.00532
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2024/03/03 7:17 p.m., 25 views

Improper Authentication

ZenML Server is vulnerable to Improper Authentication. The vulnerability exists because the REST API endpoint /api/v1/users/usernameorid/activate allows access on the basis of a valid username along with a new password in the request body. An attacker can exploit this to mount remote privilege escalation...

CVSS 8.8, AI score 7.3, EPSS 0.70581
Exploits: 1, References: 8, Affected Software: 1