Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-rc42-6c7j-7h5r: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection

ghsa
Open in Source
#web#git#java#maven
Why Developers Should Care About Generative AI (Even They Aren’t AI Expert)

Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…

GHSA-9vc3-vm42-fjhm: Moodle's mod_data edit/delete pages pass CSRF token in GET parameter

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

GHSA-pj96-xh2w-fgqx: Moodle has an IDOR in messaging web service which allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.

GHSA-6g5x-h5x7-q4mq: Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

GHSA-c8v6-vxhf-wcrr: Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.

GHSA-m367-445c-2xqr: Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

GHSA-88xj-97gf-7wpq: Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

GHSA-cpm7-mv33-jwf8: Moodle's AJAX section delete does not respect course_can_delete_section()

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

GHSA-chmf-m33p-ph8m: Moodle allows IDOR in RSS block, which allows access to additional RSS feeds

A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.