2 matches found
GHSA-73JV-44C3-J5P2 Ajenti has an authorization bypass during custom package installation
Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...
PT-2023-31614 · Unknown · Yii2-Authclient
Name of the Vulnerable Software and Affected Versions: yii2-authclient versions prior to 2.2.15 Description: The issue concerns a timing attack vulnerability in the Oauth1/2 state and OpenID Connect nonce due to comparison via regular string comparison instead of using...