Vulnerabilities > Inedo

DATE CVE VULNERABILITY TITLE RISK
2018-09-26 CVE-2017-15608 Cross-Site Request Forgery (CSRF) vulnerability in Inedo Proget
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
network
inedo CWE-352
4.3
2017-12-01 CVE-2017-17086 Improper Input Validation vulnerability in Inedo Otter
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.
network
low complexity
inedo CWE-20
7.5
2017-12-01 CVE-2017-15607 Path Traversal vulnerability in Inedo Otter
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
network
low complexity
inedo CWE-22
7.5
2017-11-11 CVE-2017-16520 Improper Privilege Management vulnerability in Inedo Buildmaster
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
network
low complexity
inedo CWE-269
5.0
2017-11-10 CVE-2017-16761 Open Redirect vulnerability in Inedo Buildmaster
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
network
inedo CWE-601
5.8
2017-11-10 CVE-2017-16760 Cross-site Scripting vulnerability in Inedo Buildmaster
Inedo BuildMaster before 5.8.2 has XSS.
network
inedo CWE-79
4.3
2017-11-10 CVE-2017-16521 Unspecified vulnerability in Inedo Buildmaster
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
network
low complexity
inedo
7.5
2017-09-30 CVE-2017-14944 Improper Input Validation vulnerability in Inedo Proget
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
network
low complexity
inedo CWE-20
5.0