SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM (USA). The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A path traversal...
Shipt: Slack token leaking in stackoverflow and devtimes
A Shipt employee inadvertently posted a Slack Webhook URI including the authentication token on two public tech forums: Stackoverflow.com and devtimes.com. While this incoming webhook's configuration was restricted to posting in a single channel created for testing this application and only 2 Shi...
Red Hat OpenShift Enterprise cluster-reader information disclosure vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud, and cluster-reader is one of its components. A security vulnerability exists in th...
CVE-2017-15138
The OpenShift Enterprise cluster-reader can access webhook tokens, which would allow an attacker with sufficient privileges to view confidential webhook tokens...
Code injection
The OpenShift Enterprise cluster-reader can access webhook tokens, which would allow an attacker with sufficient privileges to view confidential webhook tokens...
CVE-2017-15138
The OpenShift Enterprise cluster-reader can access webhook tokens, enabling an attacker with sufficient privileges to view confidential webhook tokens. The issue is an improper authorization flaw in the atomic-openshift component affecting OpenShift Container Platform (and Enterprise) where c...
PT-2018-12939
Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.5.0-rc2; Gogs versions through 0.11.53. Description: A Server-Side Request Forgery (SSRF) issue in webhooks affects Gitea and Gogs, allowing remote attackers to access intranet services. Recommendations: For Gitea version...
Atlassian Jira Webhooks Component Information Disclosure Vulnerability
Atlassian Jira is a defect tracking and management system from Atlassian (Australia). The system is used to track and manage all types of issues and defects in the workplace, and Webhooks is one of the components that provides real-time information to the system. An information disclosure vulnerability...
Trovebox Server-Side Request Forgery Vulnerability
Trovebox is an open source image sharing and management platform, and webhook is one of its lightweight event-handling APIs. A server-side request forgery vulnerability exists in the webhook component of Trovebox versions prior to 4.0.0-rc6. An attacker can exploit this vulnerability by sending an HTT...
CVE-2018-1000553
Trovebox version <= 4.0.0-rc6 contains a Server-Side Request Forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed...
Server side request forgery (ssrf)
Trovebox version <= 4.0.0-rc6 contains a Server-Side Request Forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed...
CVE-2018-1000553
CVE-2018-1000553 concerns Trovebox ≤ 4.0.0-rc6, where the webhook component is vulnerable to Server-Side Request Forgery (SSRF). The flaw allows reading or updating internal resources and is exploitable via HTTP requests. The issue is tied to the webhook’s handling of internal requests, with the ...
FreeBSD : Gitlab -- multiple vulnerabilities (085a087b-3897-11e8-ac53-d8cb8abf62dd)
GitLab reports: Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
Anymail django-anymail Information Disclosure Vulnerability
Anymail (django-anymail) integrates multiple transactional e-mail service providers into Django's open source e-mail system. A security vulnerability exists in the WEBHOOK_AUTHORIZATION setting value in Anymail django-anymail versions 0.2 through 1.3. An attacker can exploit this...
Gitlab system_hook_push Remote Code Execution Vulnerability
GitLab is a set of open source applications developed with Ruby on Rails to implement a self-hosted Git version control project repository, with functionality similar to GitHub: access to a project's file contents, commit history, bug lists, etc. The GitLab Community Edition (CE) ...
Information Disclosure
django-anymail is vulnerable to information disclosure. When an error occurs, the value of the WEBHOOK_AUTHORIZATION setting is printed in the Django error reports. This may allow anyone with access to the logs to discover the webhook shared secret and send inbound/tracking events to your...
DEBIAN-CVE-2018-1000089
Anymail django-anymail versions 0.2 through 1.3 contain a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value, which can result in an attacker with access to error logs fabricating email tracking events. This attack appears to be exploitable via: If you have exposed your...
PYSEC-2018-46
Anymail django-anymail versions 0.2 through 1.3 contain a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value, which can result in an attacker with access to error logs fabricating email tracking events. This attack appears to be exploitable via: If you have exposed your...