168 matches found
PT-2024-2438 · Apache +3 · Apache Commons Configuration +3
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0 Atlassian Confluence Data Center versions 7.17.0 through 8.9.0 Atlassian Confluence Server versions 7.17.0 through 8.5.8 Description: The issue is related to an out-of-bounds write...
Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)
The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
Arbitrary File Read
jenkins-2-plugins is vulnerable to Arbitrary File Read. The library does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons configuration library that enable the file: prefix interpolator by default, allowing attackers to configure pipelines to read...
K08006936: Apache Commons Configuration vulnerability CVE-2022-33980
Security Advisory Description Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of...
SUSE CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
[SECURITY] [DSA 5290-1] commons-configuration2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5290-1 [email protected] https://www.debian.org/security/ Markus Koschany November 28, 2022 https://www.debian.org/security/faq -...
Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]
Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...
Debian DSA-5290-1 : commons-configuration2 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is...
Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability
The Apache Commons Configuration library is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)
Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...
GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
Default configuration
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...