CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3521 – luci: unauthorized administrative access granted to non-administrative users
https://notcve.org/view.php?id=CVE-2014-3521
16 Sep 2014 — The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. El componente en (1) /luci/homebase y (2) /luci/cluster menu en Red Hat Conga 0.12.2 permite a usuarios remotos autenticados evadir las restricciones de acceso a través de una URL manipulada. It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A rem... • http://rhn.redhat.com/errata/RHSA-2014-1194.html • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6496 – conga: Multiple information leak flaws in various luci site extensions
https://notcve.org/view.php?id=CVE-2013-6496
16 Sep 2014 — Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension. Red Hat Conga 0.12.2 permite a atacantes remotos obtener información sensible a través de una solicitud manipulada en la extensión (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, o (5) logs Luci. Multiple information leak flaws were found in the way conga processed luci site extension-related UR... • http://rhn.redhat.com/errata/RHSA-2014-1194.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •