CVE-2017-15608
https://notcve.org/view.php?id=CVE-2017-15608
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. • https://inedo.com/blog/proget-50-beta5-released https://inedo.myjetbrains.com/youtrack/issue/PG-1118 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-15607
https://notcve.org/view.php?id=CVE-2017-15607
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. • https://inedo.com/blog/otter-174-released https://inedo.myjetbrains.com/youtrack/issue/OT-181 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-17086
https://notcve.org/view.php?id=CVE-2017-17086
Inedo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. • https://inedo.myjetbrains.com/youtrack/issue/ILIB-11 • CWE-20: Improper Input Validation
CVE-2017-16520
https://notcve.org/view.php?id=CVE-2017-16520
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. • https://inedo.com/blog/buildmaster-582-released https://inedo.com/buildmaster/versions#v5.8 https://inedo.myjetbrains.com/youtrack/issue/BM-3107 • CWE-269: Improper Privilege Management
CVE-2017-16761
https://notcve.org/view.php?id=CVE-2017-16761
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. • https://inedo.com/blog/buildmaster-582-released https://inedo.com/buildmaster/versions#v5.8 https://inedo.myjetbrains.com/youtrack/issue/BM-3101 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')