kimai/kimai Security Advisories for 1.0 (3)
-
[MEDIUM] Kimai API returns timesheet entries a user should not be authorized to view
PKSA-x5fv-txyx-qvzn CVE-2024-29200 GHSA-cj3c-5xpm-cx94
Affected version: <2.13.0
Reported by:
GitHub -
[HIGH] Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
PKSA-7k8c-hhnj-9sqr CVE-2023-46245 GHSA-fjhg-96cp-6fcw
Affected version: <2.1.0
Reported by:
GitHub -
[CRITICAL] Cross-site Scripting in kimai/kimai
PKSA-7mp4-yg6d-q7xs CVE-2020-19825 GHSA-r58m-v5pr-jhhq
Affected version: <1.1
Reported by:
GitHub