An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated.
A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access.
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.
A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.
An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room.
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3.
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
Missing Authorization vulnerability in Martin Gibson WP GoToWebinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP GoToWebinar: from n/a through 15.6.
The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.
Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure.
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
SAP CRM WebClient does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information.
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve Elementor template data.
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended.This issue affects Widget Options - Extended: from n/a through 5.1.0.
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses setting is disabled. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. As possible workarounds, either prevent moderators from accessing the review queue or disable the approve suspect users site setting and the must approve users site setting to prevent users from being added to the review queue.
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Authenticated users were able to enumerate other users' names via the learning plans page.
Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details
Missing Authorization vulnerability in Discourse WP Discourse.This issue affects WP Discourse: from n/a through 2.5.1.
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for.
Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application.