30 matches found
CVE-2026-44425
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
CVE-2026-44425
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
CVE-2026-44423
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44424
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44423
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...
CVE-2026-44423
CVE-2026-44423 describes a cross-tenant IDOR in ShellHub: before 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, exposing SSH session data (username, device UID, remote IP, terminal, timestamps) without tenant scoping. Root cause: GetSession resolves b...
CVE-2026-44424
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...
CVE-2026-44424
ShellHub (CVE-2026-44424) has a cross-tenant IDOR in GET /api/devices/:uid where an authenticated user can read device metadata from other namespaces. Root cause: GetDevice resolves a device by UID without enforcing tenant scoping; DeleteDevice applies InNamespace, but GetDevice does not. Impact:...
CVE-2026-44426 ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44426 ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44426
ShellHub (CVE-2026-44426) is a cross-tenant IDOR where GET /api/namespaces/:tenant returns the full namespace object (including members, emails, roles, settings, and device counts) to any caller authenticated with an API Key, regardless of the API Key’s tenant scope. Root cause: if the API Key la...
CVE-2026-44426
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...
CVE-2026-44425
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
CVE-2026-44425
CVE-2026-44425 affects ShellHub, a centralized SSH gateway. The device list endpoint accepts user-controlled identifiers in the filter name and in the sort_by parameter, passes them as BSON/SQL keys without validation, enabling authenticated users to craft payloads that trigger aggregation/query ...
CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
CVE-2026-44425 ShellHub: Crash-DoS via field injection in filter and sort-by parameters
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the the name field of each filter property in the base64-encoded filter query parameter and the sortby query parameter, which are then passed directly as BSON/SQL keys in the...
ShellHub 输入验证错误漏洞
ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the device list endpoint accepting user-controlled identifiers as...