CVE-2022-42466
An end user could set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value is saved.
This issue only occurred when the domain object was created via the API. When creating an instance via the REST API or the query builder, this issue could not be exploited.
Issues with API Access Control
This issue only occurs when the domain object is created via the API. When creating an instance via the REST API or the query builder, this issue could not be exploited.
CVE-2021-42464
CVE-2023-44104
The vulnerability was discovered in the REST API when parsing a payload.
Vulnerabilities Affecting OAuth 2.0 Systems
OAuth 2.0 is a widely used protocol that allows users to access third-party applications without sharing their credentials. One of the flaws in OAuth 2.0 is that the original client_id and client_secret are not returned when using the API call to create a new resource. This means it's possible for an attacker to obtain a valid application's credentials without knowing the user's password, which could lead to further attacks on other applications within the same domain, or even to the theft of other users' data within those apps.
Timeline
Published on: 10/19/2022 08:15:00 UTC
Last modified on: 10/21/2022 16:31:00 UTC