10 matches found
SUSE CVE-2019-1000008
All versions of Helm between Helm 2.0.0 and 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked, a file may be unpacked...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2018-1000008 via org.jvnet.hudson.plugins:pmd (>=3.33 <=3.42)
org.jvnet.hudson.plugins:pmd MAVEN version =3.33, =1.7.2, =1.0.0, =1.7.1 - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2018-1000008 Source advisory: OSV:GHSA-687X-269M-7CV9...
CVE-2019-1000008
All versions of Helm between Helm 2.0.0 and 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked, a file may be unpacked...
CVE-2019-1000008
All versions of Helm between Helm 2.0.0 and 2.12.2 contain a CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked, a file may be unpacked...
CVE-2019-1000008
CVE-2019-1000008 affects all Helm versions from 2.0.0 up to, but not including, 2.12.2. The vulnerability is a Path Traversal in chart archive unpacking (commands: helm fetch --untar and helm lint some.tgz), where files can be extracted outside the target directory. Root cause is improper validat...
CVE-2018-1000008
The CVE-2018-1000008 family is an XXE (XML External Entity) vulnerability in the Jenkins PMD Plugin, affecting version 3.49 and earlier. It processes XML during builds, allowing authenticated Jenkins users to extract secrets from the Jenkins master, perform server-side request forgery (SSRF), or ...
CVE-2017-1000008
Summary: CVE-2017-1000008 affects Chyrp Lite 2016.04. A CSRF flaw in the user settings function lets an attacker hijack the logged-in user’s session to modify account information, including passwords. The CVSS metrics in the primary entry indicate a high impact (C/H, I/H, A/H) with network access...
CVE-2015-1000008
Path Disclosure Vulnerability in WordPress plugin MP3-jPlayer v2.3.2...
CVE-2015-1000008
The CVE-2015-1000008 entry concerns the WordPress MP3-jPlayer plugin (v2.3.2) and a path disclosure flaw. Connected records (CNVD/NVD/WPVulnDB) confirm an information disclosure vulnerability in this plugin, with PoC content showing download.php leaking server paths. The WPVulnDB entry notes “Fu...
CVE-2015-1000008
Path Disclosure Vulnerability in WordPress plugin MP3-jPlayer v2.3.2...