4 matches found
CVE-2026-48089
DevGuard provides vulnerability management for the full software supply chain. Prior to 1.4.2, on a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create,...
GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets
Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...
DevGuard has improper authorization on public assets
Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...
PT-2026-48812
Name of the Vulnerable Software and Affected Versions DevGuard versions prior to 1.4.2 Description On API instances with public assets, any authenticated user can perform unauthorized write operations, regardless of their organization, project, or asset membership. This allows attackers to create...