4 matches found

Github Security Blog
added 2025/01/23 10:35 p.m. | 22 views

Directus allows privilege escalation using Share feature

Summary: When sharing an item, user can specify an arbitrary role. It allows user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Details: Specifying role on share should be available only for admins. The current flow has a security flaw. Each other...

CVSS: 5 | AI score: 5.3 | EPSS: 0.00372
Exploits: 1 | References: 7 | Affected Software: 2
CNNVD
added 2024/10/02 12:0 a.m. | 8 views

Jenkins security vulnerability

Jenkins is an open source application from the Jenkins project. It is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.478 and earlier and LTS 2.462.2 and earlier, which stems from not editing...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.0084
Exploits: 0 | References: 4
OSV
added 2022/08/17 12:15 a.m. | 2 views

CVE-2022-1399

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVSS: 9.1 | AI score: 7.7 | EPSS: 0.00786
Exploits: 0 | References: 1
ATTACKERKB
added 2022/08/16 9:0 p.m. | 6 views

CVE-2022-1399

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...

CVSS: 9.1 | AI score: 8.3 | EPSS: 0.00786
Exploits: 0 | References: 2