Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 Openshift Jenkins security update
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat Product OCP Tools 4.14 Openshift Jenkins (RHSA-2024:8885)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8885 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
RHEL 8 : Red Hat Product OCP Tools 4.13 Openshift Jenkins (RHSA-2024:8887)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8887 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
CVE-2021-44549
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
org.apache.sling:org.apache.sling.cms.reference (>=0.16.0 <=1.1.0) potentially affected by CVE-2021-44549 via org.apache.sling:org.apache.sling.commons.messaging.mail (=1.0.0)
org.apache.sling:org.apache.sling.commons.messaging.mail MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sling:org.apache.sling.commons.messaging.mail and may be impacted: - org.apache.sling:org.apache.sling.cms.referenc...
CVE-2021-44549
creationtimestamp | type | source
---|---|---
2021-12-14 18:15:37+00:00 | published-proof-of-concept | https://t.me/cibsecurity/33946...
CVE-2021-44549
CVE-2021-44549 affects Apache Sling Commons Messaging Mail (Sling Mail) implementations that use SMTPS. The issue arises from the SimpleMailService in Apache Sling Commons Messaging Mail 1.0 which lacked an option to enable mail.smtps.ssl.checkserveridentity by default, leaving SMTPS connections ...
CVE-2021-44549 SMTPS server hostname not checked when making TLS connection to SMTPS server
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...