Vulnerabilities > Casbin

DATE CVE VULNERABILITY TITLE RISK
2024-08-20 CVE-2024-41657 Incorrect Comparison vulnerability in Casbin Casdoor
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform.
network
low complexity
casbin CWE-697
8.8
2024-08-20 CVE-2024-41658 Cross-site Scripting vulnerability in Casbin Casdoor
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform.
network
low complexity
casbin CWE-79
6.1
2024-08-01 CVE-2024-41264 Improper Certificate Validation vulnerability in Casbin Casdoor 1.636.0
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.
network
low complexity
casbin CWE-295
7.5
2023-06-22 CVE-2023-34927 Cross-Site Request Forgery (CSRF) vulnerability in Casbin Casdoor
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
network
low complexity
casbin CWE-352
6.5
2022-12-07 CVE-2022-44942 Path Traversal vulnerability in Casbin Casdoor
Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.
network
low complexity
casbin CWE-22
8.1
2022-09-09 CVE-2022-38638 Path Traversal vulnerability in Casbin Casdoor 1.97.3
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
network
low complexity
casbin CWE-22
critical
9.1
2022-01-29 CVE-2022-24124 SQL Injection vulnerability in Casbin Casdoor
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
network
low complexity
casbin CWE-89
7.5