Vulnerabilities > Linuxfoundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2022-31667 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | 6.4 |
| 2024-10-10 | CVE-2024-9798 | Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer The health endpoint is public so everybody can see a list of all services. | 5.3 |
| 2024-10-10 | CVE-2024-9802 | Cleartext Storage of Sensitive Information vulnerability in Linuxfoundation Zowe API Mediation Layer The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. | 5.3 |
| 2024-09-17 | CVE-2024-45815 | Unspecified vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-45816 | Path Traversal vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 6.5 |
| 2024-09-17 | CVE-2024-46976 | Cross-site Scripting vulnerability in Linuxfoundation Backstage Backstage is an open framework for building developer portals. | 5.4 |
| 2024-09-02 | CVE-2024-20084 | Out-of-bounds Read vulnerability in multiple products In power, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
| 2024-09-02 | CVE-2024-20085 | Out-of-bounds Read vulnerability in multiple products In power, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
| 2024-08-02 | CVE-2024-22278 | Unspecified vulnerability in Linuxfoundation Harbor Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | 4.3 |
| 2024-01-04 | CVE-2023-6944 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in the Red Hat Developer Hub (RHDH). | 5.7 |