JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

JetBrains Hub before 206 was vulnerable to reflected XSS. In JetBrains Hub before 206, an unprivileged user could perform DoS. In JetBrains Hub before 200, integration with JetBrains Account exposed an API key with excessive permissions.

HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.

Apache JSPWiki users should upgrade to 2.11.2 or later.

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

Apache JSPWiki users should upgrade to 2.11.2 or later.

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover.

This issue affects Apache Airflow versions 2.2.3 and below. It was discovered that the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument.