Tenable · Tenable For Jira Cloud · CVE-2021-21371
**Name of the Vulnerable Software and Affected Versions**
Tenable for Jira Cloud versions prior to 1.1.21
**Description**
The issue allows an attacker with local access to the host to run arbitrary code by running the application with a specially crafted YAML configuration file. This is possible due to the use of the `yaml.load()` method, which can execute arbitrary commands. The problem is fixed in version 1.1.21 by using `yaml.safe_load()` instead of `yaml.load()`.
**Recommendations**
For versions prior to 1.1.21, update to version 1.1.21 or later, which uses `yaml.safe_load()` instead of `yaml.load()` to prevent arbitrary code execution.
As a temporary workaround, consider manually adjusting `yaml.load()` to `yaml.safe_load()` in the affected configuration files.
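
The following added example (not Tenable's code) shows the behaviour the fix relies on: `yaml.safe_load()` refuses Python-specific tags, and a configuration file can be audited for such tags without constructing any objects. It assumes PyYAML is installed; the names `python_tags` and `load_config` and both sample documents are hypothetical and constructed for illustration.

```python
import yaml

# Tag namespace PyYAML uses for Python-specific object construction.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs (not taken from the project).
BENIGN_CONFIG = """\
jira:
  url: https://jira.example.invalid
  project: VULN
"""
TAGGED_CONFIG = """\
jira:
  url: !!python/name:builtins.len
"""


def python_tags(text):
    """List Python-specific tags in a YAML document.

    Only the parser runs here (yaml.parse yields events); no objects are
    constructed, so this is safe to run on an untrusted file.
    """
    tags = []
    for event in yaml.parse(text):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            tags.append(tag)
    return tags


def load_config(text):
    """Load a configuration with safe_load and fail closed on unsafe tags."""
    try:
        data = yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        # safe_load has no constructor for python/* tags and raises here.
        raise ValueError(f"rejected unsafe YAML: {exc.problem}") from exc
    if not isinstance(data, dict):
        raise ValueError("configuration must be a YAML mapping")
    return data


if __name__ == "__main__":
    print(python_tags(TAGGED_CONFIG))
    print(load_config(BENIGN_CONFIG))
```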