Inedo: Security Vulnerabilities
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-26
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-12-01
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-12-01
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-11-11
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-11-10
Inedo BuildMaster before 5.8.2 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-11-10
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-11-10
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-09-30