Jenkins Job Import Plugin vulnerable to exposure of sensitive information

Jenkins Job Import Plugin did not check user permissions on its API endpoint used to access remote Jenkins instances. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

GHSA-57WW-2CVR-WV38 Jenkins Job Import Plugin vulnerable to exposure of sensitive information

Jenkins Job Import Plugin did not check user permissions on its API endpoint used to access remote Jenkins instances. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

GHSA-VHH3-MVC4-HHQ6 Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

Account Takeover

Description In this case i found that api endpoint Leaking password and username. Proof of Concept 1. An Admin add a new secretary with access to providers 2. Secretary send a post request to https://demo.easyappointments.org/index.php/backendapi/ajaxgetcalendarappointments endpoint 3. If selecte...

CVE-2021-39390

CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...

CVE-2021-45839

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...

Design/Logic Flaw

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517 as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint...

CVE-2021-45842

The CVE-2021-45842 issue affects Terramaster TOS on F4-210 and F2-210 devices running 4.2.X (4.2.15-2107141517). A request to the endpoint /module/api.php?mobile/wapNasIPS can disclose sensitive data, including the first administrator hash and other network identifiers (MAC address, internal IP)....

Command Injection

npm-dependency-versions is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the API endpoint via the dependencyVersions function...

Gardener 访问控制错误漏洞

Gardener is an open source Kubernetes cluster management tool. The product supports managing, monitoring, and updating Kubernetes clusters. Gardener suffers from an Access Control Error vulnerability that allows an attacker to incorrectly access the application. Configuration is leaked via a /api...

PT-2022-17942 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: Mingsoft MCMS version 5.2.7 Description: A SQL injection issue was discovered in Mingsoft MCMS. The issue is related to the /cms/content/list API endpoint. Recommendations: For Mingsoft MCMS version 5.2.7, consider restricting access to the...

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

Design/Logic Flaw

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

CVE-2021-41594

In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieve...

Information Disclosure

motioneye is vulnerable to information disclosure. The vulnerability exists due to an insecure access control allowing an attacker to access sensitive information via the GET request to web API /config/list endpoint when a user's password is not configured...

Path traversal

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository acces...

Remote Code Execution (RCE)

ungit is vulnerable to remote code execution. An attacker can inject and execute malicious git options through the user-controlled values in the git fetch command when calling the /api/fetch endpoint...

Information Disclosure

freetakserverui is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of the API endpoint...

FreeTAKServer-UI SQL Injection Vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team.FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint/AuthenticateUser containing SQL injection into the SQLite3 database, which can be exploited by an attacker to obtain the database All...

SQL Injection in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...