Please report (suspected) security vulnerabilities to [email protected]. You should receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity, but historically within a few days.
Security: ManageIQ/manageiq
Security
SECURITY.md
-
Cross Site Scripting in report menu title / HTML Code InjectionGHSA-64x7-6p52-c927 published
Aug 17, 2020 by FryguyModerate -
Missing access control leads to escalation of admin group privilegesGHSA-h59j-h2m8-8rf2 published
Aug 17, 2020 by FryguyHigh -
Missing functional level access control & IDOR lead to compromiseGHSA-cqhg-v344-cfh6 published
Aug 17, 2020 by FryguyHigh -
Business logic bypass through widgetsGHSA-2r6j-p8gp-5649 published
Aug 17, 2020 by FryguyHigh
Learn more about advisories related to ManageIQ/manageiq in the GitHub Advisory Database