Lucene search
+L

96 matches found

Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.24 views

Apache Superset vulnerable to improper data authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.2AI score0.00726EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/09/06 1:15 p.m.30 views

CVE-2023-27523

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5AI score0.00726EPSS
Exploits0References1
Prion
Prion
added 2023/09/06 1:15 p.m.25 views

Authorization

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

4CVSS4.5AI score0.00726EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/06 12:55 p.m.29 views

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS5.3AI score0.00726EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/06 12:55 p.m.13 views

CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS6.7AI score0.00726EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2022/09/20 9:16 p.m.8 views

Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity

Summary When entity aliases mapped to a single entity share the same alias name, but have different mount accessors, Vault can leak metadata between the aliases. This metadata leak may result in unexpected access if templated policies are using alias metadata for path names. This vulnerability,...

9.1CVSS7AI score0.00781EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/05/24 10:28 p.m.14 views

GHSA-CJ7G-H7RF-H8J9 Apache Superset OS Command Injection

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

8.8CVSS8.7AI score0.03076EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/24 10:28 p.m.24 views

Apache Superset OS Command Injection

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

8.8CVSS7.1AI score0.03076EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/12/16 9:2 p.m.49 views

vault-cli contains possible RCE when reading user-defined data

Impact What kind of vulnerability is it? Who is impacted? vault-cli features the ability for rendering templated values as explained in the documentation. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a...

9.1CVSS0.6AI score0.05004EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/12/16 7:15 p.m.17 views

CVE-2021-43837

vault-cli is a configurable command-line interface tool and python library to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix !template!, vault-cli interprets the rest of the contents of th...

9.1CVSS9.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/11/30 3:15 p.m.4 views

CVE-2021-43998

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault...

6.5CVSS6.7AI score0.01008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/11/30 12:0 a.m.6 views

PT-2021-24000 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.7.5 HashiCorp Vault and Vault Enterprise version 1.8.4 Description: The issue arises when templated ACL policies in HashiCorp Vault and Vault Enterprise match the first-created...

6.5CVSS7.6AI score0.01008EPSS
Exploits0References10
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/11/18 5:54 p.m.8 views

Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend

Summary Vault and Vault Enterprise “Vault” templated ACL policies would always match the first-created entity alias if multiple entity aliases existed for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. This vulnerability, CVE-2021-43998, was fixed...

6.5CVSS6.7AI score0.01008EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/09/30 9:15 p.m.36 views

Design/Logic Flaw

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

5.5CVSS7.8AI score0.02001EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/25 6:15 a.m.32 views

CVE-2020-26105

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM SEC-554...

9.8CVSS0.01419EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 6:15 a.m.2 views

CVE-2020-26103

In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM SEC-551...

7.5CVSS7AI score
Exploits0References1
OSV
OSV
added 2020/09/25 6:15 a.m.6 views

CVE-2020-26104

In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM SEC-552...

7.5CVSS7.1AI score0.01385EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 6:15 a.m.4 views

CVE-2020-26105

In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM SEC-554...

9.8CVSS7.3AI score0.01419EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 6:15 a.m.2 views

CVE-2020-26101

In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM SEC-549...

9.8CVSS7.3AI score0.01419EPSS
Exploits0References1
OSV
OSV
added 2020/09/25 6:15 a.m.3 views

CVE-2020-26102

In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM SEC-550...

7.5CVSS7.1AI score0.01385EPSS
Exploits0References1
Rows per page
Query Builder