49 matches found
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.0 bsc1231039. CVE-2024-40866 CVE-2024-44187 Already fixed in version 2.44.3: CVE-2024-4558 CVE-2024-27838 CVE-2024-27851 Already fixed in version 2.44.2: CVE-2024-27834 CVE-2024-27808 CVE-2024-27820 CVE-2024-27833...
PT-2024-31405
Name of the Vulnerable Software and Affected Versions Fides versions 2.19.0 through 2.43.x Description The Email Templating feature in Fides uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
PT-2022-22064 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Repository Connector Plugin does not escape the name and description of...
PT-2022-22053 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Date Parameter Plugin versions 0.0.4 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Date Parameter Plugin does not escape the name and description of Date paramete...
PT-2022-22066 · Jenkins · Jenkins Sauce Ondemand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sauce OnDemand Plugin versions 1.204 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin doe...
PT-2022-20424 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins vboxwrapper Plugin versions 1.3 and earlier Description: The Jenkins vboxwrapper Plugin does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting XSS...
GHSA-6967-9VVV-4CMM Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible SECURITY-380. This only affects anonymous users other users legitimately have access that were able to get a list of items via an...
Cross-Site Request Forgery in Jenkins
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records SECURITY-406...
PT-2022-19386 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...
CVE-2021-35490
Thruk before 2.44 allows XSS for a quick command...
CVE-2021-35490
Thruk before 2.44 allows XSS for a quick command...
USN-4608-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle...
KeePass 2.44 Denial Of Service
Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...
CVE-2017-2604
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...
CVE-2017-2610
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names SECURITY-388...
CVE-2017-2604
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks SECURITY-371...
CVE-2017-2602
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents SECURITY-358...
CVE-2017-2608
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs SECURITY-383...
Cross site scripting
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...
PT-2018-7128 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.44 Jenkins versions prior to 2.32.2 Description: The issue concerns a persisted cross-site scripting vulnerability in parameter names and descriptions. Users with the permission to configure jobs were able to injec...