A collection of 209 issues

CVE-2022-32170 The "Bytebase" application does not restrict low-privilege users' access to admin "projects", so an unauthorized user can view the affected endpoint.

The vulnerability can be exploited by an unprivileged user. It has been reported to the vendor and assigned a severity rating of “High”. The “Bytebase” application has been released as open source software, and a patch for the vulnerability has been submitted to the maintainers. The vendor has also

CVE-2022-28981 Liferay's Hypermedia REST APIs module has a path traversal vulnerability that allows remote attackers to access files outside of the com.liferay.headless.discovery.web META-INF folder.

The module responsible for handling requests for `/Discovery?parameter=value` and `/Discovery?parameter=value` allows remote attackers to access files outside of the intended scope via the `parameter` parameter. You can verify this vulnerability by visiting the following URL in your browser: