CVE-2026-32102
Broken Access Control in OliveTin EventStream Causes Data Leak
Publication date: 2026-03-11
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| olivetin | olivetin | to 3000.10.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in OliveTin version 3000.10.2 and earlier, where the application broadcasts execution events and action outputs to authenticated dashboard subscribers without enforcing proper per-action authorization.
As a result, a low-privileged authenticated user can receive output from actions they are not authorized to view, leading to broken access control and disclosure of sensitive information.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing low-privileged users to access sensitive information that they should not be able to see.
This broken access control can lead to unauthorized disclosure of sensitive data, potentially compromising system security and confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know