4960 matches found
Information Disclosure
apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the configendpoint.py due to the fact that conf.getboolean"webserver", "exposeconfig" handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85609)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...
GHSA-GH64-QXH5-4M33 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Impact When a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be...
CVE-2023-46128
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-37913
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
Code injection
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
PYSEC-2023-220
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...
CVE-2023-37911 org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document b...
Password Disclsosure
nautobot is vulnerable to Password Disclosure. The vulnerability is due to the fact that the utils.py does not correctly inherit all the necessary Meta attributes from the base serializer. This flaw permits an authenticated attacker to access hashed user passwords stored in the database through...
PT-2023-26180 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 9.4-rc-1 through 14.10.7 XWiki Platform versions 15.3-rc-1 and earlier Description: The issue arises when a document has been deleted and re-created, allowing users with view rights on the re-created document but not o...
GHSA-R2HW-74XV-4GQP Nautobot vulnerable to exposure of hashed user passwords via REST API
Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. Nautobot 1.x is not affected by...
Nautobot vulnerable to exposure of hashed user passwords via REST API
Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. Nautobot 1.x is not affected by...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
Apache Airflow vulnerable to Exposure of Sensitive Information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for...