CVE-2024-4226

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-276
View all →

Vulnerability Description

It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.

Related Vulnerabilities

CVE-2025-48070

LOW
CVSS:3.5(Low)

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. T...

CWE-2762025

CVE-2019-17052

LOW
CVSS:3.3(Low)

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CI...

CWE-2762019

CVE-2019-17053

LOW
CVSS:3.3(Low)

ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw so...

CWE-2762019

CVE-2019-17054

LOW
CVSS:3.3(Low)

atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka ...

CWE-2762019

CVE-2019-17056

LOW
CVSS:3.3(Low)

llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CI...

CWE-2762019

CVE-2019-18900

LOW
CVSS:3.3(Low)

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used...

CWE-2762019