CVE-2022-41248
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2022-41248
CVE-2022-41248 affects Jenkins BigPanda Notifier Plugin (versions ≤ 1.4.0). The root cause is that the plugin does not mask the BigPanda API key in the global configuration form and stores the API key in plaintext in the Jenkins controller file system (e.g., BigpandaGlobalNotifier.xml). This expo...
CVE-2022-41247
CVE-2022-41247 — Jenkins BigPanda Notifier Plugin: The plugin versions 1.4.0 and earlier store the BigPanda API key unencrypted in the Jenkins controller’s global configuration file (BigpandaGlobalNotifier.xml) and do not mask it in the global configuration form, allowing users with Jenkins cont...
CVE-2022-41247
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Jenkins BigPanda Notifier Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-25763 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier. Description: The issue concerns the storage and display of the BigPanda API key in the plugin's configuration. The BigPanda API key is stored unencrypted in the...
PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier. Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...
CVE-2022-36073
RubyGems.org (the RubyGems host) is affected by CVE-2022-36073 due to a bug in the password and email change confirmation flow that lets an attacker change an account’s email to an unowned address. This could enable the attacker to access saved API keys and, after an authenticated user resets the...
GetResponse < 5.5.21 - API Key Update via CSRF
The plugin does not have CSRF check when updating the API key, which could allow attackers to make logged admins update it via a CSRF attack...
WordPress GetResponse plugin <= 5.5.20 - Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update
Cross-Site Request Forgery (CSRF) vulnerability leading to API Key Update discovered by Rasi Afeef (Patchstack Alliance) in WordPress GetResponse plugin (versions <= 5.5.20). Solution: Update the WordPress GetResponse for WordPress plugin to the latest available version (at least 5.5.21)...
CSRF on deleting an API key
Description: An attacker can send a crafted link to a Froxlor admin. The admin, after clicking on the link and logging in, will be redirected to the API key deletion endpoint, which is a GET request. This will result in deleting the API key with the id specified by the attacker. Proof of Concept: 1...
CVE-2022-35734
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
Hardcoded credentials
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2022-35734
The CVE-2022-35734 issue affects the Hulu App for Android (versions 3.0.47–3.1.1). The root cause is a hard-coded API key for an external service embedded in the app, which could potentially be recovered by analyzing the app data/reverse engineering. Reported impact is exposure of the API key; ex...
CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...
Design/Logic Flaw
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access external...