Lucene search
K

18 matches found

NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:11 p.m.7 views

CVE-2026-23513

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery and...

7.1CVSS5.9AI score0.00282EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/23 8:11 p.m.12 views

CVE-2026-23513

CVE-2026-23513 affects FOSSBilling prior to 0.8.0. A query-construction flaw in client list endpoints (ServiceTransaction::getSearchQuery and Order\Service::getSearchQuery) fails to group OR-based filters, allowing authenticated clients to bypass tenant scoping and retrieve other clients’ data (i...

7.1CVSS5.9AI score0.00282EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 10:16 p.m.12 views

CVE-2026-44423

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:7 p.m.6 views

CVE-2026-44423 ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/06 11:22 p.m.7 views

ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH session data

Summary GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps belonging to any other namespace...

6.5CVSS6AI score0.00246EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-38314

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-6240

Malware in sbrugna...

4CVSS6.1AI score0.01744EPSS
Exploits2References6
Hacker One
Hacker One
added 2024/01/19 4:3 p.m.36 views

Enjin: Lack of Tenant Scoping Enables Limited Cross-Tenant Data Querying and Mutation

A vulnerability was demonstrated on the Enjin Platform that allowed for limited cross-tenant data querying and mutation, enabling querying or mutating of someone else's data in certain cases. A full assessment found this had not been exploited outside of the report...

7.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.4 views

SUSE CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS6.5AI score0.01744EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2014/01/22 6:31 p.m.8 views

Heat: ReST API doesn't respect tenant scoping

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS5.8AI score0.01744EPSS
Exploits2References4
NVD
NVD
added 2013/12/14 5:21 p.m.37 views

CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS6.1AI score0.01744EPSS
Exploits2References3
OSV
OSV
added 2013/12/14 5:21 p.m.3 views

DEBIAN-CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS6.8AI score0.01744EPSS
Exploits2References1
Prion
Prion
added 2013/12/14 5:21 p.m.22 views

Path traversal

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS6.6AI score0.01744EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2013/12/14 5:0 p.m.40 views

CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

6.1AI score0.01744EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2013/12/14 5:0 p.m.24 views

CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS6.1AI score0.01744EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2013/12/11 3:0 p.m.20 views

CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS5.9AI score0.01744EPSS
Exploits2References2
OSV
OSV
added 2013/12/11 3:0 p.m.7 views

UBUNTU-CVE-2013-6428

The ReST API in OpenStack Orchestration API Heat before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenantid in the request path...

4CVSS5.8AI score0.01744EPSS
Exploits2References3
Rows per page
Query Builder