1259 matches found
CVE-2023-2633
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...
Design/Logic Flaw
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-2633 API keys stored and displayed in plain text by Code Dx Plugin
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-2633
Summary: Jenkins Code Dx Plugin versions 3.1.0 and earlier store/display Code Dx server API keys in plain text in configuration artifacts and on the job configuration form, enabling observers with access to Jenkins config or file system to view keys. The root cause is unmasked, unencrypted storag...
CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-2632
CVE-2023-2632 affects the Jenkins Code Dx Plugin (3.1.0 and earlier). The vulnerability arises from unencrypted Code Dx server API keys stored in job config.xml on the Jenkins controller, which can be read by users with Item/Extended Read permission or with controller access. This leads to inform...
CVE-2023-2632
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Jenkins Code Dx Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.17. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Code Dx Plugin CVE-2023-2195,...
CVE-2023-30845
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
Authentication flaw
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
CVE-2023-30845 ESPv2 vulnerable to JWT authentication bypass via `X-HTTP-Method-Override` header
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
PT-2023-23000
Name of the Vulnerable Software and Affected Versions ESPv2 versions 2.20.0 through 2.42.0 Description The issue allows API clients to bypass JWT authentication by crafting a malicious X-HTTP-Method-Override header value under specific conditions. This occurs when the requested HTTP method is not...
Palo Alto Networks PAN-OS 8.1.x < 8.1.24 / 9.0.x < 9.0.17 / 9.1.x < 9.1.15 / 10.0.x < 10.0.12 / 10.1.x < 10.1.8 / 10.2.x < 10.2.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.24 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.15 or 10.0.x prior to 10.0.12 or 10.1.x prior to 10.1.8 or 10.2.x prior to 10.2.3. It is, therefore, affected by a vulnerability. - A vulnerability in Palo...
New Python-Based "Legion" Hacking Tool Emerges on Telegram
An emerging Python-based credential harvester and a hacking tool named Legion is being marketed via Telegram as a way for threat actors to break into various online services for further exploitation. Legion, according to Cado Labs, includes modules to enumerate vulnerable SMTP servers, conduct...
CVE-2023-0005
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...