It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
Max CVSS
7.5
EPSS Score
0.12%
Published
2022-03-25
Updated
2022-04-07
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Max CVSS
7.9
EPSS Score
0.12%
Published
2022-02-16
Updated
2023-11-09
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.
Max CVSS
7.3
EPSS Score
0.09%
Published
2021-06-01
Updated
2022-06-03
A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login CSRF. An attacker could use this flaw to access unauthorized information or conduct further attacks.
Max CVSS
8.8
EPSS Score
0.07%
Published
2021-05-26
Updated
2023-02-12
4 vulnerabilities found