Keycloak 访问控制错误漏洞

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a user-organization domain pattern mismatch in the organization function. An attacker exploiting this vulnerability could be...

CVE-2023-22738

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...

CVE-2023-22738 Improper Preservation of Permissions in vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain...

vantage6 安全漏洞

vantage6 is vantage6 open source an open source priVAcy preserviNg federalTed leArningG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions prior to vantage6 3.8.0 that stems from the system assigning existing users to different organizations, which could lead ...

Liferay Portal 6.1 - 6.0.x Privilege Escalation

Exploit for java platform in category web applications Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of...