2 matches found
CVE-2023-27485
thmmniii/fbs-core prior to 1.5.3 has an insufficient authorization flaw when querying subresults: logged-in users can access subresults from other users, and subresults are not linked to a specific user. The fix is in commit f1ae67d8bb2 and was released with version 1.5.3; users s...
CVE-2023-37468
CVE-2023-37468 affects Feedbacksystem: the passwords of LDAP users are stored in clear text in the database, and the LDAP password is passed unencrypted in LoginController.scala during first login. Only LDAP-authenticated users are affected (local and CAS logins are not impacted). The vulnerab...