6.5

CVE-2026-30233

EPSS -
Veröffentlicht 06.03.2026 21:16:17
Zuletzt bearbeitet 06.03.2026 21:16:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be correctly denied, the backend does not enforce IsAllowedView() when constructing dashboard and action binding responses. As a result, restricted users can retrieve action titles, IDs, icons, and argument metadata. This issue has been patched in version 3000.11.1.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerOliveTin

≫

Produkt OliveTin

Version < 3000.11.1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/OliveTin/OliveTin/releases/tag/3000.11.1

https://github.com/OliveTin/OliveTin/commit/d7962710e7c46f6bdda4188b5b0cdbde4be665a0

https://github.com/OliveTin/OliveTin/security/advisories/GHSA-jf73-858c-54pg

https://nvd.nist.gov/vuln/detail/CVE-2026-30233

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-30233

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-30233

EUVD