This vulnerability was reported via the GitHub Bug Bounty program. Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response. This vulnerability affected all versions of GitHub Enterprise Server since 3.9 and was fixed in version 3.9.7, 3.10.4, and 3.11.1. To exploit this vulnerability, an attacker would need network access to the Enterprise Server appliance configured in Private Mode. VDB-248218 is the identifier assigned to this vulnerability. An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. It is recommended to upgrade the affected component. Upgrading to version 4.52.01 is able to address this issue. The exploit has been disclosed to the public and may be used. The manipulation of the argument path/file leads to unrestricted upload. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. A vulnerable API method in M-Files Server before 5.0 allows for uncontrolled resource consumption.