34 matches found
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
Cross-site request forgery (CSRF)
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22831
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
Authorization
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header...
Design/Logic Flaw
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22833
CVE-2022-22833 affects Servisnet Tessa version 0.0.2. The root cause is exposure of sensitive information through the app.js file, enabling an attacker to obtain confidential data via a /js/app.js request. Public sources listed include Red Hat and CVE records confirming the disclosure vector but ...
CVE-2022-22833
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request...
CVE-2022-22832
Summary: CVE-2022-22832 affects Servisnet Tessa 0.0.2, where authorization data is exposed via an unauthenticated request to /data-service/users/. This is a privilege-escalation risk because information about users can be retrieved by any user, potentially enabling password data exposure in respo...
CVE-2022-22832
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request...
CVE-2022-22831
CVE-2022-22831 affects Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user by manipulating the Authorization HTTP header, due to insufficient validation in that header. The result is an unauthorized, unauthenticated privilege escalation to a highly privileged admin account, with high i...