An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings.

Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application.

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.