7 matches found
CVE-2026-25714
Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...
Improper Access Control
org.keycloak, keycloak-services is vulnerable to Improper Access Control. The vulnerability is due to improper user-organization mapping due to matching usernames or emails with an organization’s domain pattern at the mapper level, allows an attacker to bypass authorization and escalate privilege...
Keycloak 访问控制错误漏洞
Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a user-organization domain pattern mismatch in the organization function. An attacker exploiting this vulnerability could be...
CVE-2023-22738
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
CVE-2023-22738 Improper Preservation of Permissions in vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...
vantage6 安全漏洞
vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions prior to vantage6 3.8.0 that stems from the system assigning existing users to different organizations, which could lead ...
Liferay Portal 6.1 - 6.0.x Privilege Escalation
Exploit for java platform in category web applications Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of...