An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.
CVSS Score
9.6
EPSS Score
0.002
Published
2024-05-07
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-05-07
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-05-01
Page 2