1259 matches found

CNNVD
added 2022/11/01 12:00 a.m. · 1 view

Octopus Server authorization issue vulnerability

Octopus Server is an automated deployment platform. An authorization issue vulnerability exists in Octopus Server that stems from access rights being managed by an external authentication provider, where disabling or deleting a user's API key may still be valid after access rights have been...

CVSS 9.8 · AI score 8.2 · EPSS 0.00392
Exploits 0 · References 2
Vulnrichment
added 2022/11/01 12:00 a.m. · 4 views

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked...

AI score 9.6 · EPSS 0.00392
Exploits 0 · References 1
NVD
added 2022/10/25 5:15 p.m. · 9 views

CVE-2022-39351

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

CVSS 4.4 · EPSS 0.00032
Exploits 0 · References 3
Cvelist
added 2022/10/25 12:00 a.m. · 8 views

CVE-2022-39351 Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions

Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...

CVSS 4.4 · AI score 5.2 · EPSS 0.00032
Exploits 0 · References 3
Github Security Blog
added 2022/10/19 7:00 p.m. · 19 views

API keys stored in plain text by Jenkins Katalon Plugin

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no...

CVSS 6.5 · AI score 6.1 · EPSS 0.00752
Exploits 0 · References 6 · Affected software 1
OSV
added 2022/10/19 7:00 p.m. · 22 views

GHSA-35RX-7PC8-6963 API keys stored in plain text by Jenkins Katalon Plugin

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no...

CVSS 4.3 · AI score 6.6 · EPSS 0.00752
Exploits 0 · References 6
OSV
added 2022/10/19 4:15 p.m. · 13 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 2
NVD
added 2022/10/19 4:15 p.m. · 9 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00752
Exploits 0 · References 2
Prion
added 2022/10/19 4:15 p.m. · 15 views

Design/Logic Flaw

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4 · AI score 6.4 · EPSS 0.00752
Exploits 0 · References 2 · Affected software 1
Vulnrichment
added 2022/10/19 12:00 a.m. · 4 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score 6.4 · EPSS 0.00752
Exploits 0 · References 2
Positive Technologies
added 2022/10/19 12:00 a.m. · 3 views

PT-2022-26904 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.32 and earlier Description: The issue concerns the storage of API keys in an unencrypted manner within job config.xml files on the Jenkins controller. These keys can be accessed by users with Extended Read...

CVSS 6.5 · AI score 6.3 · EPSS 0.00752
Exploits 0 · References 10
Cvelist
added 2022/10/19 12:00 a.m. · 12 views

CVE-2022-43419

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score 6.6 · EPSS 0.00752
Exploits 0 · References 2
CVE
added 2022/10/19 12:00 a.m. · 84 views

CVE-2022-43419

CVE-2022-43419 affects Jenkins Katalon Plugin 1.0.32 and earlier. It stores API keys unencrypted in job config.xml files on the Jenkins controller, viewable by users with Item/Extended Read permission or with file-system access. Consequence is potential exposure of API credentials (confidentialit...

CVSS 6.5 · AI score 6.3 · EPSS 0.00752
Exploits 0 · References 2 · Affected software 1
Kitploit
added 2022/10/17 12:30 p.m. · 54 views

JSubFinder - Searches Webpages For Javascript And Analyzes Them For Hidden Subdomains And Secrets

JSubFinder is a tool written in Go to search webpages and JavaScript for hidden subdomains and secrets in the given URL. Developed with bug bounty hunters in mind, JSubFinder takes advantage of Go's performance, allowing it to handle large data sets and be easily chained with other tools...

AI score 7.1
Exploits 0 · References 4
Prion
added 2022/10/13 11:15 p.m. · 25 views

Design/Logic Flaw

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 5 · AI score 7.4 · EPSS 0.00378
Exploits 0 · References 4 · Affected software 1
AlpineLinux
added 2022/10/13 11:15 p.m. · 39 views

CVE-2022-31130

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 7.5 · AI score 1.4 · EPSS 0.00378
Exploits 0
Cvelist
added 2022/10/13 12:00 a.m. · 19 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 4.9 · AI score 7.8 · EPSS 0.00378
Exploits 0 · References 4
OSV
added 2022/10/13 12:00 a.m. · 21 views

CVE-2022-31130 Grafana data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana is an open source observability and data visualization platform. Versions of Grafana for endpoints prior to 9.1.8 and 8.5.14 could leak authentication tokens to some destination plugins under some conditions. The vulnerability impacts data source and plugin proxy endpoints with...

CVSS 4.9 · AI score 8.4 · EPSS 0.00378
Exploits 0 · References 6
Malwarebytes
added 2022/09/29 12:00 p.m. · 14 views

Fast Company hacked to send obscene and racist messages

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. An incredibly offensive alert was sent by Fast Company, which has been hacked. Apple News has disabled their channe...

AI score 7.3
Exploits 0
Rapid7 Blog
added 2022/09/21 2:37 p.m. · 14 views

How to Accelerate Your SOAR Program to Full Speed in Less Than a Year

Every new technology comes with a learning curve specific to your organization. First you learn the basics, then you accelerate. Rapid7’s offerings are no different. As a Senior Information Security Engineer at Brooks, I have firsthand experience with this process. I oversaw the implementation of...

AI score 7.2
Exploits 0