Jenkins docker-build-step Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins docker-build-step...
Jenkins docker-build-step Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2024-19247 · Jenkins · Jenkins Docker-Build-Step Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins docker-build-step Plugin versions 2.11 and earlier. Description: A missing permission check in an HTTP endpoint allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigur...
PT-2024-19236 · Jenkins · Jenkins Docker-Build-Step Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins docker-build-step Plugin versions 2.11 and earlier. Description: A cross-site request forgery issue allows attackers to connect to a specified TCP or Unix socket URL and reconfigure the plugin, affecting future build step executions...
Amazon Linux 2023 : docker (ALAS2023-2024-542)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-542 advisory. 2024-08-28: CVE-2023-45289 was added to this advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: spark-operator, src-fingerprint, aws-efs-csi-driver, kube-bench, influx, flux, gomplate, volume-modifier-for-k8s, prometheus-pushgateway, flux-image-automation-controller, nfs-subdir-external-provisioner, nri-f5, kube-state-metrics, ferretdb, go-bindata,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: smarter-device-manager, sigstore-scaffolding-fips, memcached-exporter, prometheus-operator-fips, trust-manager, newrelic-infra-operator, kube-state-metrics-fips, prometheus-mongodb-exporter-fips, eksctl, aws-efs-csi-driver-fips, ollama, hugo-extended,...
AZL-35643 CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35642 CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35641 CVE-2024-24786 affecting package docker-buildx for versions less than 0.14.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2024-27198 CVE-2024-27198 - Authentication Bypass Usi...
Mozilla: two aws access key and secret key and database username and password exposed
A security vulnerability was identified in a Docker image hosted on Docker Hub. The image, associated with Mozilla's Common Voice project, was found to contain exposed AWS access keys, AWS secret keys, and database credentials. These sensitive credentials were discovered within the file...
Exploit for Injection in Atlassian Confluence_Data_Center
Executing Arbitrary Code In Confluence Memory CVE-2023-22527...
openSUSE: Security Advisory for docker (SUSE-SU-2023:3536-1)
The remote host is missing an update for the...
Docassemble HTML and javascript injection
Impact: A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches: The vulnerability has been patched in version 1.4.97 of the master...
GHSA-PCFX-G2J2-F6F6 Docassemble HTML and javascript injection
Impact: A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches: The vulnerability has been patched in version 1.4.97 of the master...
Docassemble open redirect
Impact: It is possible to create a URL that acts as an open redirect. Patches: The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. Workarounds: If upgrading is not possible, manually apply the changes of 4801ac7 and restart the...
GHSA-7WXF-R2QV-9XWR Docassemble open redirect
Impact: It is possible to create a URL that acts as an open redirect. Patches: The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched. Workarounds: If upgrading is not possible, manually apply the changes of 4801ac7 and restart the...
Docassemble unauthorized access through URL manipulation
Impact: The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches: The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...
GHSA-JQ57-3W7P-VWVV Docassemble unauthorized access through URL manipulation
Impact: The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. Patches: The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...