13 matches found
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the user invitation process. An attacker can gain unauthorized access with elevated privileges by using a valid invite token to create an account under any email address, thereby inheriting the role associated...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the user invitation process. An attacker can gain unauthorized access with elevated privileges by using a valid invite token to create an account under any email address, thereby inheriting the role associated...
EUVD-2023-36918
Malicious code in bioql PyPI...
EUVD-2022-41841
Malicious code in bioql PyPI...
CVE-2022-39385
Discourse is an open source discussion platform. In some rare cases users redeeming an invitation can be added as a participant to several private message topics that they should not be added to. They are not notified of this; it happens transparently in the background. This issue has been...
CVE-2024-5132
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
PT-2022-2799 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.10 through 14.9.5; GitLab Enterprise Edition versions 14.10 through 14.10.4; GitLab Enterprise Edition versions 15.0 through 15.0.1. Description: The issue is related to the SCIM feature in GitLab, which can...
CVE-2022-1670
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...
CVE-2022-23068
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail...
GHSA-JCMH-X32V-7MGF Cloud Foundry UAA privilege escalation with user invitations
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release uaa-release 13.x versions prior to v13.15,...
Cloud Foundry UAA privilege escalation with user invitations
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release uaa-release 13.x versions prior to v13.15,...
Ping Identity: CSRF in Inviting users
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...
CVE-2017-4992: Privilege escalation with user invitations | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v261; UAA release: 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, other versions prior to v4.2.0; UAA bosh release uaa-release: 13.x versions prior to...