Caldera Security Vulnerabilities and Issues — Caldera CVE List

Lucene search

MitreCaldera

3 matches found

CVE•added 2020/03/22 4:15 p.m.•44 views

CVE-2020-10807

auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.

5.3CVSS5.4AI score0.00297EPSS

CVE•added 2022/10/17 8:15 p.m.•35 views

CVE-2022-41139

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.

5.4CVSS5.5AI score0.00105EPSS

CVE•added 2020/06/19 12:15 p.m.•29 views

CVE-2020-14462

CALDERA 2.7.0 allows XSS via the Operation Name box.

5.4CVSS5.2AI score0.00191EPSS