5375 matches found
CVE-2023-1775
Summary: CVE-2023-1775 affects Mattermost Server in High Availability mode, where sanitization failures on certain user_updated and post_deleted events can disclose sensitive information to connected WebSocket clients. This results in an information disclosure vulnerability without confirmed expl...
CVE-2023-1775 Unsanitized events sent over Websocket to regular users in a High Availability environment
When running in a High Availability configuration, Mattermost fails to sanitize some of the userupdated and postdeleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients...
PT-2023-17235 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: When running in a High Availability configuration, Mattermost fails to sanitize some of the user updated and post deleted events broadcast to all users, leading to disclosure of sensitiv...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in Apache Tomcat affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in Apache Tomcat affects the product's management GUI, potentially allowing an attacker to cause a denial of service. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, cause...
code-server vulnerable to Missing Origin Validation in WebSockets
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance...
Missing Origin Validation in WebSockets
Overview code-server is an application that allows running VS Code on a remote server. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect...
Atlassian Jira < 9.6.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - A issue in the underlying Spring framework which permits a authenticated attacker to perform a STOMP over...
Remote Code Execution
github.com/gitpod-io/gitpod is vulnerable to Remote Code Execution. The vulnerability exists due to cross-site WebSocket Hijacking because the Origin header is not restricted which allows an attacker to take over a workspace with stolen credentials or and extract data from a workplace...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
Cross site scripting
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-0957
CVE-2023-0957 describes a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in Gitpod versions prior to release-2022.11.2.16. The issue arises because the Origin header is not restricted, allowing an attacker to initiate WebSocket connections to the Gitpod JSONRPC server using a victim’s crede...
Gitpod 访问控制错误漏洞
Gitpod is an open source Kubernetes application for automated and ready-to-use code development environments that can be integrated into your existing workflow. Gitpod has a security vulnerability that stems from the presence of a Cross-Site WebSocket Hijacking CSWSH vulnerability, which can be...
SUSE CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
K18570111: BIG-IP ASM and Advanced WAF WebSocket vulnerability CVE-2021-23010
Security Advisory Description When the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON content profile in the ASM security policy, the BIG-IP ASM bd process may produce a core file. CVE-2021-23010 Impact When this vulnerability is exploited, t...
K29042031: Multiple Spring Framework vulnerabilities
Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...