9239 matches found
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
Design/Logic Flaw
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
GHSA-6Q4W-9X56-RMWQ Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
CVE-2024-2216
CVE-2024-2216 affects the Jenkins docker-build-step Plugin (versions 2.11 and earlier). The issue is a missing permission check on an HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL and to reconfigure the plugin using the p...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2215
CVE-2024-2215 : CSRF vulnerability in Jenkins docker-build-step Plugin (version ≤ 2.11) allows an attacker to connect to an attacker-specified TCP/Unix socket URL and reconfigure the plugin using provided connection test parameters, impacting subsequent build step executions. The description from...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2215
A cross-site request forgery CSRF vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions...
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...
BIT-GITLAB-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
BIT-GITLAB-2020-13347
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKERAUTHCONFIG build variable...
New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps
By Deeba Ahmed Another day, another Linux malware! This is a post from HackRead.com Read the original post: New Linux Malware Alert: Spinning YARN Hits Docker, Other Key Apps...
BIT-GITLAB-2021-39939
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to...
BIT-VAULT-2020-35192
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...