4 matches found
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage Summary This vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
glider_StakedUSDeV2
StakedUSDeV2 Uninitialized Role Variable PoC Vulnerability...
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...
CVE-2010-1617
CVE-2010-1617 (Moodle) : A flaw in Moodle’s access check on user/view.php allows remote authenticated users to obtain the full names of other users via the course profile page. Affected: Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8. Exploitation context and impact are stated in multiple advi...