CVE-2023-38335

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Related Vulnerabilities

CVE-2017-1000089

MEDIUM
CVSS:5.3(Medium)

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the b...

CWE-2762017

CVE-2018-12160

MEDIUM
CVSS:5.3(Medium)

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe...

CWE-2762018

CVE-2019-14861

MEDIUM
CVSS:5.3(Medium)

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS recor...

CWE-2762019

CVE-2019-18366

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CWE-2762019

CVE-2019-18367

MEDIUM
CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CWE-2762019

CVE-2019-18369

MEDIUM
CVSS:5.3(Medium)

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CWE-2762019