4 matches found
SUSE CVE-2026-28790
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...
CVE-2026-28790
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...
CVE-2026-28790
OliveTin prior to 3000.11.0 allows an unauthenticated guest to terminate running actions via KillAction RPC, despite authRequireGuestsToLogin: true. Guests may access the KillAction endpoint directly and stop actions, causing unauthorized denial of service. This is a broken access control issue w...
CVE-2026-28790 OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests are correctly blocked from dashboard access, bu...