Lucene search
K

9275 matches found

OSV
OSV
added 2022/05/24 4:50 p.m.15 views

GHSA-745W-V492-4FJ5 Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

4.3CVSS4.4AI score0.01361EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:50 p.m.14 views

GHSA-76W6-M7VV-7HHW Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

6.5CVSS6.3AI score0.01691EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.29 views

Jenkins Docker Plugin contains Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS4.6AI score0.01397EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.17 views

Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

6.5CVSS6.7AI score0.01691EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/24 4:50 p.m.23 views

GHSA-M6GF-P26P-MX2W Jenkins Docker Plugin contains Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS8.6AI score0.01397EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/05/24 4:47 p.m.5 views

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...

7.5CVSS6.9AI score0.01999EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 4:44 p.m.2 views

com.groupon.jenkins-ci.plugins:DotCi (>=1.0.0 <=2.27.0), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +5 more potentially affected by CVE-2019-10315 via org.jenkins-ci.plugins:github-oauth (>=0.14 <=0.20)

org.jenkins-ci.plugins:github-oauth MAVEN version =0.14, =1.0.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.0.0, =1.0.0, =1.1.2 Source cves: CVE-2019-10315 Source advisory: OSV:GHSA-PHWV-CRGP-9R69...

8.8CVSS6.7AI score0.02125EPSS
Exploits0
NVD
NVD
added 2022/05/20 9:15 p.m.25 views

CVE-2022-29186

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

9.8CVSS0.01101EPSS
Exploits0References2
Prion
Prion
added 2022/05/20 9:15 p.m.14 views

Design/Logic Flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

6.8CVSS9.4AI score0.01101EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/05/20 8:20 p.m.25 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

9.1CVSS9.2AI score0.01101EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/20 8:20 p.m.37 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

9.1CVSS9.8AI score0.01101EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/20 8:20 p.m.5 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the idrsa.pub public key of the keypair was copied to authorizedkeys files on remote host, those hosts...

9.1CVSS7.3AI score0.01101EPSS
Exploits0References2
CVE
CVE
added 2022/05/20 8:20 p.m.89 views

CVE-2022-29186

CVE-2022-29186 affects Rundeck Docker images (community and enterprise) versions 4.0 and earlier, where a pre-generated id_rsa.pub SSH keypair was included in the image. If this public key was copied to authorized_keys on a remote host, anyone with the corresponding private key could access those...

9.8CVSS9.7AI score0.01101EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/05/20 8:15 p.m.17 views

Command injection

GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...

6.5CVSS8.9AI score0.03637EPSS
Exploits0References4Affected Software1
Huntr
Huntr
added 2022/05/20 5:41 p.m.42 views

SSRF in /service endpoint

Description The problem came from this line of code I ran docker-drawio with following command : docker run -it --rm --name="draw" -e EXPORTURL=http://somesite.com -p 8080:8080 -p 8443:8443 jgraph/drawio if the drawio EXPORTURL is set to an address without any / after the primary Hostname like...

5CVSS6.4AI score0.05704EPSS
Exploits1
GithubExploit
GithubExploit
added 2022/05/19 11:16 p.m.146 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965-spring4shell CVE-2022-22965 Spring4Shell resear...

9.8CVSS9AI score0.99677EPSS
Exploits105
Kitploit
Kitploit
added 2022/05/19 9:30 p.m.29 views

C2concealer - Command Line Tool That Generates Randomized C2 Malleable Profiles For Use In Cobalt Strike

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike. Installation chmod u+x install.sh ./install.sh Building Docker image docker build -t C2concealer . Running with Docker docker container run -it -v :/usr/share/cobaltstrike/ C2concealer...

7.7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/05/18 2:2 p.m.9 views

podman: Default inheritable capabilities for linux container should be empty

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

7.5CVSS5.7AI score0.01441EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.45 views

Oracle Linux 8 : container-tools:3.0 (ELSA-2022-1793)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1793 advisory. - fix CVE-2022-27650 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

7.5CVSS8.1AI score0.01124EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.50 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2022-1762)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1762 advisory. - switch to RHEL maintenance branch which fixes CVE-2022-27651 - Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access - fix...

8.8CVSS7.3AI score0.05994EPSS
Exploits2References6
Rows per page
Query Builder