Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cv5c-2qv5-w2m2: Passbolt Api Remote code execution

Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or verification is done by Passbolt, effectively allowing a user to inject bash code.

The impact is very high, but the probability is very low given that this vulnerability can only be exploited during Passbolt’s installation stage.

ghsa
#vulnerability#git#rce

Passbolt Api Remote code execution

High severity GitHub Reviewed Published May 20, 2024 to the GitHub Advisory Database • Updated May 20, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname