Back to search
CVE-2026-32102
Published: Mar 11, 2026
Modified: Mar 12, 2026
PUBLISHED
Description
OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.
| Vendor | Product | Versions |
|---|---|---|
OliveTin | OliveTin | affected < 3000.10.2 |
References
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now