Skip to main content
CVE-2022-31267 CRITICAL POC PATCH THREAT Act Now

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole =. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gitblit
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2022-31259 CRITICAL POC PATCH THREAT Act Now

The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Beego
NVD GitHub
CVSS 3.1
9.8
EPSS
21.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy