99 matches found
CreateWiki 安全漏洞
CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...
[SECURITY] Fedora 40 Update: maven-doxia-sitetools-1.11.1-10.fc40
Doxia is a content generation framework which aims to provide its users with powerful techniques for generating static and dynamic content. Doxia can be used to generate static sites in addition to being incorporated into dynamic content generation systems like blogs, wikis and content management...
BIT-GITLAB-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
DEBIAN-CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
UBUNTU-CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
CVE-2021-44854
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...
GHSA-599V-W48H-RJRM XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
Impact Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects...
CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
img_auth.php may leak private extension images into the public cache
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...
GitLab 8.12 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1417)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allo...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2022-1417
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...
CVE-2022-1417
Removed by vendor...
PT-2022-13872 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 through 14.8.6 GitLab CE/EE versions 14.9 through 14.9.4 GitLab CE/EE versions 14.10 through 14.10.1 Description: The issue is related to improper access control in GitLab CE/EE, allowing non-project members to acce...
UBUNTU-CVE-2021-44858
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead...