rpm package
suse/uyuni-tools&distro=SUSE Manager Client Tools 12-BETA
pkg:rpm/suse/uyuni-tools&distro=SUSE%20Manager%20Client%20Tools%2012-BETA
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1313 | Med | 6.5 | < 0.1.9-3.11.4 | 0.1.9-3.11.4 | Mar 26, 2024 | It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per | |
| CVE-2023-6152 | — | < 0.1.7-3.8.1 | 0.1.7-3.8.1 | Feb 13, 2024 | A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up. |
- affected < 0.1.9-3.11.4fixed 0.1.9-3.11.4
It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the per
- CVE-2023-6152Feb 13, 2024affected < 0.1.7-3.8.1fixed 0.1.7-3.8.1
A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email only on sign up.