138 matches found
Casdoor - Authorization Bypass
Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...
Prototype Pollution
Overview scim-patch is a SCIM Patch operation rfc7644. Affected versions of this package are vulnerable to Prototype Pollution via the scimPatch function. An attacker can modify the Object.prototype by supplying specially crafted keys in a patch operation, which can lead to privilege escalation,...
CVE-2026-46689
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...
EUVD-2026-36133
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...
CVE-2026-46689 Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...
CVE-2026-46689
Kanidm vuln CVE-2026-46689: An unauthenticated GET to any /scim/v1/... endpoint with a crafted ?filter= (thousands of nested parentheses, ~4–12 KB) can exhaust the parser’s stack due to an unbounded depth in the SCIM filter grammar. This causes a stack overflow and std::process::abort(), terminat...
CVE-2026-46689 Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...
CVE-2026-46425
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
EUVD-2026-32598
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...
PT-2026-42120
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.2 Description An authorization bypass exists in the SCIM router within packages/worker/src/api/routes/global/scim.ts. The router only utilizes the requireSCIM and doInScimContext middlewares, failing to implemen...
CVE-2026-43640
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-43640
Bitwarden Server (affected: v2026.4.1 and earlier) contains an authentication bypass for SCIM API key retrieval/rotation. A logged-in user with SCIM management privileges can obtain the organization's SCIM API key without re-authenticating the master password, exposing sensitive credentials. Root...
CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
CVE-2026-43640 Bitwarden Server < 2026.4.1 Authentication Bypass via SCIM API Key
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
PT-2026-39717
Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.4.1 Description An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...
GHSA-R5FR-9GMV-JGGH scim_proto and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...
scim_proto and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
Summary A single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort — the entire...