Lucene search
K

99 matches found

CNNVD
CNNVD
added 2024/03/28 12:0 a.m.5 views

CreateWiki 安全漏洞

CreateWiki is Miraheze's MediaWiki extension for requesting and creating wikis. A security vulnerability exists in CreateWiki that could expose suppressed wiki requests to private wikis...

6.5CVSS6.7AI score0.00691EPSS
Exploits0References4
Fedora
Fedora
added 2024/03/07 10:33 p.m.23 views

[SECURITY] Fedora 40 Update: maven-doxia-sitetools-1.11.1-10.fc40

Doxia is a content generation framework which aims to provide its users with powerful techniques for generating static and dynamic content. Doxia can be used to generate static sites in addition to being incorporated into dynamic content generation systems like blogs, wikis and content management...

8.8CVSS6.7AI score0.02578EPSS
Exploits3
OSV
OSV
added 2024/03/06 11:16 a.m.23 views

BIT-GITLAB-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS4.1AI score0.00945EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/23 8:33 a.m.17 views

Improper Access Control

gitlab is vulnerable to Improper Access Control. The vulnerability allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS6.8AI score0.00945EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/12/26 11:34 a.m.37 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

3.5CVSS2.3AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2022/12/26 5:15 a.m.28 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2022/12/26 5:15 a.m.4 views

DEBIAN-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS5.2AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2022/12/26 5:15 a.m.5 views

UBUNTU-CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS6AI score0.00613EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/12/26 12:0 a.m.47 views

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis...

5.3CVSS4.6AI score0.00613EPSS
Exploits0
OSV
OSV
added 2022/09/16 5:39 p.m.29 views

GHSA-599V-W48H-RJRM XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor

Impact Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects...

7.5CVSS6.3AI score0.00708EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/08 5:15 p.m.39 views

CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...

7.5CVSS7.8AI score0.00846EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.10 views

img_auth.php may leak private extension images into the public cache

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

3.1CVSS6.7AI score0.01302EPSS
Exploits0References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.24 views

GitLab 8.12 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1417)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allo...

4.3CVSS5.2AI score0.00945EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/05/10 9:15 p.m.7 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS5.4AI score0.00945EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2022/05/10 9:15 p.m.47 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS5.8AI score0.00945EPSS
Exploits0References4
OSV
OSV
added 2022/05/10 8:30 p.m.16 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS6.4AI score0.00945EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/05/10 8:30 p.m.19 views

CVE-2022-1417

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs...

4.3CVSS4.6AI score0.00945EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/05/10 8:30 p.m.35 views

CVE-2022-1417

Removed by vendor...

4.3CVSS5.8AI score0.00945EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/05/10 12:0 a.m.2 views

PT-2022-13872 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.12 through 14.8.6 GitLab CE/EE versions 14.9 through 14.9.4 GitLab CE/EE versions 14.10 through 14.10.1 Description: The issue is related to improper access control in GitLab CE/EE, allowing non-project members to acce...

4.3CVSS4AI score0.00945EPSS
Exploits0References7
OSV
OSV
added 2021/12/20 9:15 a.m.11 views

UBUNTU-CVE-2021-44858

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead...

7.5CVSS6.8AI score0.01327EPSS
Exploits0References4
Rows per page
Query Builder