5 matches found
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Impact Affected configurations: - Single-origin JupyterHub deployments - JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. By tricking a user into visiting a malicious subdomain, the attacker can achieve an...
Open redirect via transitional IPv6 addresses on dual-stack networks
Impact Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL...
CVE-2021-21392
Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6...
Insecure Access Controls
matrix-synapse is vulnerable to authorization bypass. Requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications, potentially resulting in Synapse to make requests to the internal...
Domain Integration (Drupal 7) - Moderately critical - Access bypass - SA-CONTRIB-2017-084
This module enables you to integrate the Domain module with other popular Drupal modules. The Domain Integration Login Restrict sub-module enables you to restrict access to a domain based on the assigned domains on a user. The Domain Integration Login Restrict sub-module doesn't sufficiently chec...