Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/12 12:36 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Management API when an authenticated user with a valid low-privilege token specifies a different tenant's projectid, grantid, or appid. An attacker can access sensitive...

7.7CVSS5.9AI score0.00393EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...

6.5CVSS6AI score0.00226EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/29 7:41 p.m.2 views

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force via insufficient enforcement of authentication attempt limits in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks against OTP, TOTP, or passwor...

9.8CVSS7AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/06 4:51 p.m.2 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

8CVSS7AI score0.00404EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/06 4:51 p.m.0 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

8CVSS7AI score0.00404EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/06 4:51 p.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation Upgrade...

8CVSS7AI score0.00404EPSS
Exploits0References2
Rows per page
Query Builder