Olivetin

Olivetin

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2026-48709

  • EPSS 0.33%
  • Veröffentlicht 15.06.2026 20:13:18
  • Zuletzt bearbeitet 24.06.2026 17:17:01

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all othe...

7.5

CVE-2026-48708

  • EPSS 0.4%
  • Veröffentlicht 15.06.2026 19:59:27
  • Zuletzt bearbeitet 24.06.2026 17:17:01

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level variable in service/internal/tpl/templates.go) across...

6.5

CVE-2026-32102

Exploit
  • EPSS 0.43%
  • Veröffentlicht 11.03.2026 20:05:16
  • Zuletzt bearbeitet 17.03.2026 15:34:48

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authoriza...

8.5

CVE-2026-31817

Exploit
  • EPSS 0.71%
  • Veröffentlicht 10.03.2026 21:08:53
  • Zuletzt bearbeitet 12.03.2026 18:12:18

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the ...

4.3

CVE-2026-30233

Exploit
  • EPSS 0.42%
  • Veröffentlicht 06.03.2026 21:16:17
  • Zuletzt bearbeitet 12.03.2026 15:19:08

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and ...

8.8

CVE-2026-30223

Exploit
  • EPSS 0.3%
  • Veröffentlicht 06.03.2026 21:16:16
  • Zuletzt bearbeitet 12.03.2026 16:05:52

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured au...

5.4

CVE-2026-30224

Exploit
  • EPSS 0.3%
  • Veröffentlicht 06.03.2026 21:16:16
  • Zuletzt bearbeitet 12.03.2026 15:57:33

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid i...

4.3

CVE-2026-30225

Exploit
  • EPSS 0.41%
  • Veröffentlicht 06.03.2026 21:16:16
  • Zuletzt bearbeitet 12.03.2026 15:46:39

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitt...

7.5

CVE-2026-28790

Exploit
  • EPSS 0.65%
  • Veröffentlicht 05.03.2026 19:34:53
  • Zuletzt bearbeitet 10.03.2026 15:29:58

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests ...

7.5

CVE-2026-28789

Exploit
  • EPSS 0.39%
  • Veröffentlicht 05.03.2026 19:33:46
  • Zuletzt bearbeitet 10.03.2026 15:42:11

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchron...