Описание
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unattended.
Ссылки
- Patch
- Issue Tracking
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.15 (исключая)
cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00012
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-286
Связанные уязвимости
CVSS3: 9.8
debian
около 2 месяцев назад
Weblate is a web based localization tool. In versions prior to 5.15, i ...
github
около 2 месяцев назад
Weblate has improper validation upon invitation acceptance
EPSS
Процентиль: 1%
0.00012
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-286