Olivetin

9 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS -
  • Published 06.03.2026 21:16:17
  • Last modified 06.03.2026 21:16:17

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and ...

  • EPSS -
  • Published 06.03.2026 21:16:16
  • Last modified 06.03.2026 21:16:16

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured au...

  • EPSS -
  • Published 06.03.2026 21:16:16
  • Last modified 06.03.2026 21:16:16

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid i...

  • EPSS -
  • Published 06.03.2026 21:16:16
  • Last modified 06.03.2026 21:16:16

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitt...

  • EPSS 0.06%
  • Published 05.03.2026 19:34:53
  • Last modified 06.03.2026 18:16:19

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests ...

  • EPSS 0.09%
  • Published 05.03.2026 19:33:46
  • Last modified 06.03.2026 18:16:19

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchron...

  • EPSS 0.06%
  • Published 05.03.2026 19:33:44
  • Last modified 06.03.2026 18:16:17

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By...

Exploit
  • EPSS 0.13%
  • Published 25.02.2026 03:16:06
  • Last modified 27.02.2026 18:58:46

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dangerous argument types but not `password`. A user sup...

Exploit
  • EPSS 2.3%
  • Published 13.08.2025 00:00:00
  • Last modified 17.10.2025 17:58:09

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.