This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder, this issue could not be exploited.

Issues with API Access Control

This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder, this issue could not be exploited.

CVE-2021-42464

This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder, this issue could not be exploited.

CVE-2023-44104

The vulnerability was discovered in the REST API when parsing a payload.

Vulnerabilities Affecting OAuth 2.0 Systems

OAuth 2.0 is a widely used protocol that allows users to access third-party applications without sharing their credentials. One of the flaws in OAuth 2.0 is that the original client_id and client_secret are not returned when using the API call to create a new resource. This means it's possible for an attacker to get ahold of a valid application's credentials without knowing the user's password, which could lead to further attacks on other applications within the same domain, or even to the theft of other users' data within those apps.

Timeline

Published on: 10/19/2022 08:15:00 UTC
Last modified on: 10/21/2022 16:31:00 UTC

References