Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-47437: GitHub - pachno/pachno

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script.

CVE
#xss#vulnerability#web#git#java#auth

Pachno open collaboration platform

Pachno is an open source platform for collaboration: issue tracking, project management, documentation, code and more.

With Pachno you get:

  • A powerful documentation editor for all your teams documentation needs
  • Workflow support with custom workflow configuration
  • Planning boards with kanban and scrum features
  • Issue tracking including custom fields and data
  • Time tracking for individual tasks and user
  • Team support for multiple teams and clients
  • Built-in features for supporting a wide range of projects and configurations
  • An extensible module-based platform, built to expand and improve

… and a lot more!

Installation

Follow the instructions in the installation guide for detailed installation instructions.

Reporting issues

If you find any issues, please report them in the issue tracker on our website: https://projects.pach.no

Development and testing using Vagrant

If you want to write code for Pachno, either to test out extensions or contribute bug-fixes or features, you can get up and running quickly using the provided development set-up.

Getting involved

Our community of helpful and friendly volunteers is always growing. If you are looking for an opensource project to get involved with, we’d love to get you onboard! Here, you get to influence in a meaningful way. In no particular order:

  • writing documentation, guides and articles
  • triaging (verifying) and investigating issues
  • suggest and influence new features
  • writing code
  • improve design and suggest new ones
  • contribute in our online community by either participating or moderating
  • testing and QA

If you want to pop by and chat, join us on https://pachno.zulipchat.com Prefer to get your hands dirty? Have a look at our issues on https://projects.pach.no/pachno Visit our online community at https://forum.pach.no

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907