20 matches found
CVE-2026-12515
A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...
CVE-2026-12515
The CVE concerns Katello within Red Hat Satellite where content uploads lack proper authorization checks in the ContentUploadsController. The issue allows users with the edit_products permission to query whether specific content exists in repositories outside their authorized products, revealing ...
EUVD-2026-37746
A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...
CVE-2026-12515
A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...
PT-2026-50457
Name of the Vulnerable Software and Affected Versions Katello of Red Hat Satellite affected versions not specified Description Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to...
CVE-2020-10516
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...
CVE-2025-64688
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
CVE-2025-64688
...
CVE-2025-64688
CVE-2025-64688 is rejected/not used per the initial description.
CVE-2025-64688
...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22861
GitHub Enterprise Server vulnerability CVE-2021-22861: An improper access control issue allowed authenticated users to write to unauthorized repositories via crafted pull requests and REST API calls. Affected versions include ranges listed in PT-2021-15234: 2.4.21–2.20.23, 2.21.0–2.21.14, 2.22.0–...
GitHub Enterprise Server 安全漏洞
GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows instances of authenticated users to gain write access to unauthorized repositories via specially designed pull requests and REST API...
CVE-2020-10516
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...
CVE-2020-10516
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...
Improper access control
An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior t...
CVE-2020-10516
GitHub Enterprise Server (API) vulnerability: improper access control allowed an organization member to escalate permissions and access unauthorized repositories within an org. Affected all versions prior to 2.21; fixed in 2.20.9, 2.19.15, and 2.18.20. Exploitation status and in‑the‑wild details ...
U.S. Dept Of Defense: Admin Login Credential Leak for DoD Gitlab EE instance
Summary A DoD employee/contractor exposed the ███ password in a GitHub repository █████████ leading to full ███ access in a DoD DISA-associated private Gitlab EE instance ███. Description The IP address ████ recently hosted the subdomain █████████ as of 2019-09-23. ██████ Now port 80 points to a...