CVE-2025-1007

Medium CVSS: 6.9

In OpenVSX version v0.9.0 to v0.20.0, the
/user/namespace/{namespace}/details API allows a user to edit all
namespace details, even if the user is not a namespace Owner or
Contributor. The details include: name, description, website, support
link and social media links. The same issues existed in
/user/namespace/{namespace}/details/logo and allowed a user to change
the logo.

Vendor

Eclipse

Product

Open Vsx

CWE

CWE-283

Yayın Tarihi

2025-02-19 09:15:10

Güncelleme

2025-07-31 12:44:45

Source Identifier

emo@eclipse.org

KEV Date Added

Kategoriler

CWE-283 Open Vsx MEDIUM Eclipse 2025

Referanslar

https://github.com/eclipse/openvsx/security/advisories/GHSA-wc7c-xq2f-qp4h

Benzer Kayıtlar

Critical

CVE-2026-24457

An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server.…

High

CVE-2026-1605

In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed…

Low

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Different…

Critical

CVE-2026-1699

In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_tar…

Medium

CVE-2026-1188

In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all suppor…

High

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter() function (in threadx/utility/rtos_…