Olivetin

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.02%
  • Published 11.03.2026 20:05:16
  • Last modified 17.03.2026 15:34:48

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authoriza...

Exploit
  • EPSS 0.29%
  • Published 10.03.2026 21:08:53
  • Last modified 12.03.2026 18:12:18

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the ...

Exploit
  • EPSS 0.02%
  • Published 06.03.2026 21:16:17
  • Last modified 12.03.2026 15:19:08

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and ...

Exploit
  • EPSS 0.04%
  • Published 06.03.2026 21:16:16
  • Last modified 12.03.2026 16:05:52

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" (local RSA public key) or "authJwtHmacSecret" (HMAC secret), the configured au...

Exploit
  • EPSS 0.04%
  • Published 06.03.2026 21:16:16
  • Last modified 12.03.2026 15:57:33

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid i...

Exploit
  • EPSS 0.08%
  • Published 06.03.2026 21:16:16
  • Last modified 12.03.2026 15:46:39

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitt...

Exploit
  • EPSS 0.08%
  • Published 05.03.2026 19:34:53
  • Last modified 10.03.2026 15:29:58

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.0, OliveTin allows an unauthenticated guest to terminate running actions through KillAction even when authRequireGuestsToLogin: true is enabled. Guests ...

Exploit
  • EPSS 0.14%
  • Published 05.03.2026 19:33:46
  • Last modified 10.03.2026 15:42:11

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchron...

Exploit
  • EPSS 0.43%
  • Published 05.03.2026 19:33:44
  • Last modified 10.03.2026 15:43:24

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.2, the PasswordHash API endpoint allows unauthenticated users to trigger excessive memory allocation by sending concurrent password hashing requests. By...

Exploit
  • EPSS 0.15%
  • Published 25.02.2026 03:16:06
  • Last modified 27.02.2026 18:58:46

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dangerous argument types but not `password`. A user sup...