CVE-2023-29058

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Related Vulnerabilities

CVE-2017-0369

MEDIUM
CVSS:6.5(Medium)

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.

CWE-2762017

CVE-2017-1000084

MEDIUM
CVSS:6.5(Medium)

Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in...

CWE-2762017

CVE-2018-13286

MEDIUM
CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to obtain sensitive information via the world re...

CWE-2762018

CVE-2018-13287

MEDIUM
CVSS:6.5(Medium)

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readab...

CWE-2762018

CVE-2019-10463

MEDIUM
CVSS:6.5(Medium)

A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CWE-2762019

CVE-2019-10469

MEDIUM
CVSS:6.5(Medium)

A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credenti...

CWE-2762019