Vulnerabilities related to cerebrate-project - cerebrate
Vulnerability from fkie_nvd
Published
2023-08-29 05:15
Modified
2024-11-21 08:21
Severity ?
Summary
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | 1.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "E86FB565-5C5E-4877-970B-184B0012D3A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users." }, { "lang": "es", "value": "En Cerebrate v1.14, una vulnerabilidad en \"UserSettingsController\" permite a los usuarios autenticados cambiar la configuraci\u00f3n de usuario de otros usuarios. " } ], "id": "CVE-2023-41363", "lastModified": "2024-11-21T08:21:09.620", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-29T05:15:43.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-27 03:15
Modified
2025-02-19 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | 1.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "9EC9D276-F497-4347-9E8D-70EEEDD450B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint." } ], "id": "CVE-2023-28883", "lastModified": "2025-02-19T17:15:13.590", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-03-27T03:15:07.193", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 06:15
Modified
2024-11-21 06:51
Severity ?
Summary
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2", "versionEndIncluding": "1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled." }, { "lang": "es", "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. Los endpoints pod\u00edan estar abiertos incluso cuando no estaban habilitados" } ], "id": "CVE-2022-25319", "lastModified": "2024-11-21T06:51:59.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T06:15:10.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61" }, { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 06:15
Modified
2024-11-21 06:51
Severity ?
Summary
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2", "versionEndIncluding": "1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component." }, { "lang": "es", "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. Se pod\u00eda producir un ataque de tipo XSS en el componente bookmarks" } ], "id": "CVE-2022-25321", "lastModified": "2024-11-21T06:51:59.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T06:15:10.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860" }, { "source": "cve@mitre.org", 
"tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-05 07:15
Modified
2024-11-21 08:21
Severity ?
Summary
Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE11F1CF-0968-4E5C-B646-1F5C2BCB9B1E", "versionEndExcluding": "1.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cerebrate before 1.15 lacks the Secure attribute for the session cookie." }, { "lang": "es", "value": "Cerebrate antes de la versi\u00f3n 1.15 carece del atributo \"Secure\" para la cookie de sesi\u00f3n. " } ], "id": "CVE-2023-41908", "lastModified": "2024-11-21T08:21:53.813", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-05T07:15:14.810", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-02-24 00:15
Modified
2024-11-21 07:51
Severity ?
Summary
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | 1.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "087278E9-F2B1-4D6E-B2FF-D4C458DBD969", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cerebrate 1.12 does not properly consider organisation_id during creation of API keys." } ], "id": "CVE-2023-26468", "lastModified": "2024-11-21T07:51:33.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-02-24T00:15:12.217", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 06:15
Modified
2024-11-21 06:51
Severity ?
Summary
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2", "versionEndIncluding": "1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description." }, { "lang": "es", "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. genericForm permite reflejar un ataque de tipo XSS en las descripciones de los formularios por medio de una descripci\u00f3n controlada por el usuario" } ], "id": "CVE-2022-25317", "lastModified": "2024-11-21T06:51:59.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T06:15:10.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238" }, { "source": "cve@mitre.org", "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 06:15
Modified
2024-11-21 06:51
Severity ?
Summary
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f | Patch, Third Party Advisory | |
cve@mitre.org | https://zigrin.com/advisories/cerebrate-username-enumeration/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://zigrin.com/advisories/cerebrate-username-enumeration/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2", "versionEndIncluding": "1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. Username enumeration could occur." }, { "lang": "es", "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. Pod\u00eda producirse una enumeraci\u00f3n de nombres de usuario" } ], "id": "CVE-2022-25320", "lastModified": "2024-11-21T06:51:59.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T06:15:10.543", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-username-enumeration/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-username-enumeration/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-18 06:15
Modified
2024-11-21 06:51
Severity ?
Summary
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cerebrate-project | cerebrate | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cerebrate-project:cerebrate:*:*:*:*:*:*:*:*", "matchCriteriaId": "94801AF4-44EE-499D-AD31-99E3EA6C79E2", "versionEndIncluding": "1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups." }, { "lang": "es", "value": "Se ha detectado un problema en Cerebrate versiones hasta 1.4. Una ACL incorrecta de grupos compartidos permit\u00eda a un usuario no privilegiado editar y modificar los grupos compartidos" } ], "id": "CVE-2022-25318", "lastModified": "2024-11-21T06:51:59.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-18T06:15:10.463", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-41363
Vulnerability from cvelistv5
Published
2023-08-29 00:00
Modified
2024-10-01 20:40
Severity ?
EPSS score ?
Summary
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:01:35.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41363", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T20:40:34.288512Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T20:40:43.502Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-29T04:31:53.478876", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/8e616180ba0d6a1fcb8326dbe39307960ee1946c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41363", "datePublished": "2023-08-29T00:00:00", "dateReserved": "2023-08-29T00:00:00", "dateUpdated": "2024-10-01T20:40:43.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28883
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2025-02-19 17:07
Severity ?
EPSS score ?
Summary
In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-28883", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-19T17:07:06.173045Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-19T17:07:13.560Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T21:18:01.636Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/5f1c99cd534442ec40c2129769608e3e61ff8be3" }, { "url": "https://zigrin.com/advisories/cerebrate-blind-sql-injection/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-28883", "datePublished": "2023-03-27T00:00:00.000Z", "dateReserved": "2023-03-27T00:00:00.000Z", "dateUpdated": "2025-02-19T17:07:13.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25321
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T21:52:17.857864", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/14ec995c2bd618b181197dc6b64e63fd966b4860" }, { "url": "https://github.com/cerebrate-project/cerebrate/commit/e13b4e7bc5f1a0ff59b52162cc99405e89c0544a" }, { "url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/" }, { "url": "https://zigrin.com/advisories/cerebrate-cross-site-scripting-xss-in-bookmarks/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25321", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-08-03T04:36:06.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25318
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T21:51:55.660080", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/15190b930ebada9e8d294db57c96832799d9d93e" }, { "url": "https://zigrin.com/advisories/cerebrate-an-incorrect-sharing-group-acl/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25318", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-08-03T04:36:06.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25320
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Cerebrate through 1.4. Username enumeration could occur.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-username-enumeration/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. Username enumeration could occur." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T21:52:09.880703", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/88f3cc794486276a1f7e7331adb8ecb2dabd672f" }, { "url": "https://zigrin.com/advisories/cerebrate-username-enumeration/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25320", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-08-03T04:36:06.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26468
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
Cerebrate 1.12 does not properly consider organisation_id during creation of API keys.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:53.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cerebrate 1.12 does not properly consider organisation_id during creation of API keys." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/7ccf9252470a23acc38ad6ed13eecf523e368b48" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-26468", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2023-02-23T00:00:00", "dateUpdated": "2024-08-02T11:53:53.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41908
Vulnerability from cvelistv5
Published
2023-09-05 00:00
Modified
2024-09-30 15:49
Severity ?
EPSS score ?
Summary
Cerebrate before 1.15 lacks the Secure attribute for the session cookie, so a browser may also send the cookie over unencrypted HTTP connections.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:09:49.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41908", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T15:49:38.462879Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T15:49:49.831Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cerebrate before 1.15 lacks the Secure attribute for the session cookie." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-05T06:13:45.729108", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/9be81055651649658243b5aa274b175064bfc6db" }, { "url": "https://github.com/cerebrate-project/cerebrate/compare/v1.14...v1.15" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41908", "datePublished": "2023-09-05T00:00:00", "dateReserved": "2023-09-05T00:00:00", "dateUpdated": "2024-09-30T15:49:49.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25317
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected cross-site scripting (XSS) in form descriptions via a user-controlled description.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-28T13:05:24.628062", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/e60d97c214f9ac6df90c87241b3b3554afc06238" }, { "url": "https://zigrin.com/advisories/cerebrate-reflected-xss-in-form-descriptions/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25317", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-08-03T04:36:06.823Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25319
Vulnerability from cvelistv5
Published
2022-02-18 00:00
Modified
2024-11-19 19:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/" }, { "tags": [ "x_transferred" ], "url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-25319", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-03T16:41:46.454427Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T19:32:06.862Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T21:52:03.999569", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61" }, { "url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/" }, { "url": "https://zigrin.com/advisories/cerebrate-endpoints-could-be-open-when-not-enabled/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25319", "datePublished": "2022-02-18T00:00:00", "dateReserved": "2022-02-18T00:00:00", "dateUpdated": "2024-11-19T19:32:06.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }