6 matches found
CVE-2022-25512
CVE-2022-25512 affects FreeTAKServer-UI v1.9.8. The root cause described in connected documents is that the WebUI leaks sensitive tokens (API and Websocket) in the JavaScript source, enabling information disclosure. The CVSS data from NVD indicates a high confidentiality impact (C:H) with network...
CVE-2022-25511
FreeTAKServer-UI v1.9.8 contains a path traversal vulnerability in the ?filename= parameter of the /DataPackageTable route that can allow attackers to place arbitrary files on the system. This is documented across multiple sources (CVE-2022-25511 and related advisories). The exact root cause is n...
CVE-2022-25510
The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...
CVE-2022-25507
CVE-2022-25507 affects FreeTAKServer-UI (v1.9.8) with a stored XSS vulnerability exploitable via the Callsign parameter. The connected sources confirm the vulnerability but do not provide exploitation details, affected versions beyond v1.9.8, or a published patch/mitigation. No root-cause or impa...
CVE-2022-25506
CVE-2022-25506 concerns FreeTAKServer-UI v1.9.8 with a reported SQL injection vulnerability in the API endpoint /AuthenticateUser . Multiple connected sources confirm the flaw stems from improper neutralization of SQL commands against the SQLite3 database, enabling an attacker to access sensitive...
CVE-2022-25508
FreeTAKServer v1.9.8 has an access control vulnerability in the /ManageRoute/postRoute endpoint that allows unauthenticated users to cause a DoS by creating an unusually large number of routes (or unsafe/false routes). The issue is documented across multiple sources (NVD, OSV, CNVD, GHSA/GitHub a...