#oauth

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.

Red Hat Security Advisory 2023-1655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. Issues addressed include bypass, cross site scripting, information leakage, insecure permissions, and privilege escalation vulnerabilities.

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3172: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected acti...

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to u...

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.