xo-web@5.7.10 vulnerabilities
Web interface client for Xen-Orchestra
-
latest version
5.7.10
-
first published
10 years ago
-
latest version published
8 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the xo-web package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Improper Access Control. Permissions enforcement through WebSockets are not thoroughly checked and can lead to an unprivileged user to obtain data only accessible by admin, such as VMs, Backups, Audit, Users, and Groups. The WebSockets that control the application API allow access to certain elements based purely on the response. For example, an attacker could manipulate the response of the How to fix Improper Access Control? There is no fixed version for |
*
|