5 matches found
CVE-2026-6571
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument grouprole can lead to authorization bypass. The attack may be launched...
CVE-2026-6571 kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument grouprole can lead to authorization bypass. The attack may be launched...
CVE-2026-6571
Kodcloud KodExplorer (up to 4.52) is affected by CVE-2026-6571. The vulnerability targets the function roleGroupAction in /app/controller/systemRole.class.php, where manipulating the group_role argument can bypass authorization. Access may be remote, and public exploit availability is noted. Vend...
CVE-2014-0204
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
CommentService validation methods do not check user's security level
The validateCommentUpdate, hasPermissionToUpdate and hasPermissionToDelete methods on DefaultCommentService check the user's comment-related permissions but neglect to check whether they have a role/group security level viewable by the user attempting to delete a comment...