Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/26 7:26 p.m.22 views

CVE-2026-46386 OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRETKEYBASE=OVERWRITEME as the default Rails master key. Combined with cookiesserializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS0.00272EPSS
Exploits0References1
Snyk
Snyk
added 2021/12/08 12:8 p.m.43 views

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass when a password's salt is unknown. If the secret key base variable is somehow leaked, an attacker can become any user by misusing the masquerade back functionality of this Devise extension, something that is not...

8.1CVSS7AI score0.0121EPSS
Exploits1References2
Metasploit
Metasploit
added 2020/12/10 5:41 p.m.98 views

GitLab File Read Remote Code Execution

This module provides remote code execution against GitLab Community Edition CE and Enterprise Edition EE. It combines an arbitrary file read to extract the Rails "secretkeybase", and gains remote code execution with a deserialization vulnerability of a signed 'experimentationsubjectid' cookie tha...

5.5CVSS6.2AI score0.42741EPSS
Exploits10
Hacker One
Hacker One
added 2018/12/11 5:52 p.m.54 views

GitLab: information disclosure of secret_key_base via encoding charcters

@pareshparmar discovered an error page that was disclosing the value of the secretkeybase key of customers.gitlab.com to unauthenticated users, which would have allowed an attacker to arbitrarily decrypt signed cookies. So I was fuzzing one parameter with different type of encodings. And one...

0.9AI score
Exploits0
CNVD
CNVD
added 2016/09/21 12:0 a.m.1 views

Metasploit secret_key_base deserialization vulnerability

Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate mitigations for vulnerabilities, and manage expert-driven security for assessments that provide true security risk intelligence. A deserialization...

7.6AI score
Exploits0References1
myhack58
myhack58
added 2016/09/21 12:0 a.m.39 views

Metasploit exposure remote code execution vulnerability: don't mess with me, I mad up my own all black-and-vulnerability warning-the black bar safety net

Just this week, Rapid7 community to publish two on the Metasploit framework security patches, by these two vulnerabilities, an attacker can remote unauthorized execution of arbitrary code. Currently, security researchers have issued the relevant POC attack code. ! Vulnerability: Metasploit Web...

1.8AI score
Exploits0
Rows per page
Query Builder