Inedo

inedo

8 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15608 1Inedo 1Proget Nov 21, 2024 Sep 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVE-2017-17086 1Inedo 1Otter May 13, 2026 Dec 1, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the...Show more Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.Show less
CVE-2017-15607 1Inedo 1Otter May 13, 2026 Dec 1, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVE-2017-16520 1Inedo 1Buildmaster May 13, 2026 Nov 11, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
CVE-2017-16761 1Inedo 1Buildmaster May 13, 2026 Nov 10, 2017 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVE-2017-16760 1Inedo 1Buildmaster May 13, 2026 Nov 10, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Inedo BuildMaster before 5.8.2 has XSS.
CVE-2017-16521 1Inedo 1Buildmaster May 13, 2026 Nov 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
CVE-2017-14944 1Inedo 1Proget May 13, 2026 Sep 30, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.