Mozilla: [Vertical Privilege Escalation] User can Unapproved any Approved Translation at [/translations/unapprove/]
A vulnerability was discovered in the Pontoon web application where any logged-in user could unapprove any approved translation, regardless of their privileges. This was due to a logical error in the validation logic, which allowed bypassing the authorization check. The vulnerability could be...
CVE-2018-5697
Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to adminkbart.php or the order parameter to adminjradmin.php, related to functionskb.php...
Atlassian auto-unapprove plugin security bypass vulnerability
The Atlassian auto-unapprove plugin is a Bitbucket plugin by Atlassian Australia that provides an auto-unapprove function. A security vulnerability exists in version 3.0.1 of the plugin. An attacker can exploit the vulnerability to bypass the plugin via a brute-force attack...
CVE-2017-16857
It is possible to bypass the Bitbucket auto-unapprove plugin via minimal brute-force because it relies on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...
CVE-2017-16857
The CVE-2017-16857 entry concerns the Atlassian auto-unapprove plugin for Bitbucket. Affected component: the auto-unapprove plugin (not bundled with Bitbucket Server). Root cause: bypass of the plugin via minimal brute-force due to reliance on back-end asynchronous events, enabling an attacker to...