4950 matches found

Vulnrichment
added 2023/02/20 4:55 p.m. · 9 views

CVE-2022-48318 Insecure access control mechanisms for RestAPI documentation

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

CVSS 5.3 · AI score 5.1 · EPSS 0.00486
Exploits 0 · References 1

Positive Technologies
added 2023/02/20 12:0 a.m. · 4 views

PT-2023-15695 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0 through 2.0.0p29 Checkmk versions 2.1.0 through 2.1.0p13 Description: The issue is related to the lack of authorization controls in the RestAPI documentation for Checkmk, which may lead to unintended information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00486
Exploits 0 · References 7

Positive Technologies
added 2023/02/20 12:0 a.m. · 3 views

PT-2023-15694 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.0.0p1 through 2.0.0p28 Checkmk versions 2.1.0p1 through 2.1.0p10 Description: The issue arises from the insecure termination of expired sessions in the RestAPI, allowing an attacker to utilize expired session tokens for...

CVSS 9.8 · AI score 7.2 · EPSS 0.00456
Exploits 0 · References 7

CNNVD
added 2023/02/20 12:0 a.m. · 5 views

Checkmk Code Issue Vulnerability

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p10 and earlier, version 2.0.0p28 and earlier, which stems from failing to securely terminate expired sessions in RestAPI. An attacker could exploit the vulnerability to use an expired session token when...

CVSS 9.8 · AI score 8.4 · EPSS 0.00456
Exploits 0 · References 2

CNVD
added 2023/02/17 12:0 a.m. · 72 views

Unauthorized Access Vulnerability in Joomla!

Joomla! is a globally recognized content management system. An unauthorized access vulnerability exists in Joomla! versions 4.0.0 through 4.2.7. The vulnerability is due to an incorrect access check in the affected versions, which can be exploited by an attacker to gain unauthorized access to the...

CVSS 5.3 · AI score 5.7 · EPSS 0.99827
Exploits 43 · References 1

Veracode
added 2023/02/16 7:9 a.m. · 26 views

Improper Certificate Validation

cloudconnectlib is vulnerable to Improper Certificate Validation. Requests to third-party APIs through the REST API Modular Input allows a remote attacker to downgrade the API request to HTTP after a connection over HTTPS fails when the REST API Modular Input functionality is used through its use...

CVSS 5.3 · AI score 5.6 · EPSS 0.00315
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2023/02/16 12:0 a.m. · 55 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0208)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0208 advisory. - In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the 'sendemail' REST API endpoint lets any authenticated user...

CVSS 4.3 · AI score 5.3 · EPSS 0.00359
Exploits 0 · References 2

Huntr
added 2023/02/15 8:25 a.m. · 20 views

Unauthorized Rest Api owned by Joomla(officially accepted)

Description Joomla has provided the Rest API since version 4.0. These apis need to provide authentication information when accessing, but if public is added to the request parameters when accessing the api. Then any unauthenticated user can directly access Proof of Concept Api can directly obtain...

AI score 7.3
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:56 a.m. · 5 views

SUSE CVE-2010-3782

obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation...

CVSS 8.8 · AI score 6.9 · EPSS 0.01091
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:34 a.m. · 3 views

SUSE CVE-2013-6428

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

CVSS 4 · AI score 6.5 · EPSS 0.01744
Exploits 2 · References 3

SUSE CVE
added 2023/02/15 5:26 a.m. · 3 views

SUSE CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

CVSS 3.5 · AI score 5.9 · EPSS 0.01463
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 5:15 a.m. · 3 views

SUSE CVE-2015-5607

Cross-site request forgery in the REST API in IPython 2 and 3...

CVSS 8.8 · AI score 7.1 · EPSS 0.01201
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:27 a.m. · 3 views

SUSE CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

CVSS 4.9 · AI score 9.4 · EPSS 0.65937
Exploits 2 · References 3

NVD
added 2023/02/14 6:15 p.m. · 17 views

CVE-2023-22943

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...

CVSS 5.3 · AI score 5.1 · EPSS 0.00315
Exploits 0 · References 1

NVD
added 2023/02/14 6:15 p.m. · 15 views

CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

CVSS 4.3 · AI score 4.5 · EPSS 0.00359
Exploits 0 · References 1

OSV
added 2023/02/14 6:15 p.m. · 5 views

CVE-2023-22943

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...

CVSS 5.3 · AI score 6.1 · EPSS 0.00315
Exploits 0 · References 1

Prion
added 2023/02/14 6:15 p.m. · 16 views

Design/Logic Flaw

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...

CVSS 5 · AI score 5.2 · EPSS 0.00315
Exploits 0 · References 1 · Affected Software 2

Prion
added 2023/02/14 6:15 p.m. · 14 views

Design/Logic Flaw

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

CVSS 4 · AI score 4.5 · EPSS 0.00359
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2023/02/14 5:24 p.m. · 7 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

CVSS 4.3 · AI score 4.5 · EPSS 0.00359
Exploits 0 · References 1

Cvelist
added 2023/02/14 5:24 p.m. · 19 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

CVSS 4.3 · AI score 4.8 · EPSS 0.00359
Exploits 0 · References 1