214 matches found
Kubernetes: Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.
Hello, Who we are : We’re two French security researchers and our respective names are Brice Augras and Christophe Hauquiert, we worked and found the vulnerability together. Brice Augras from https://www.groupe-asten.fr/ company - https://hackerone.com/reeverzax Christophe Hauquiert -...
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
Denial Of Service (Dos)
mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a high privileged attacker to crash the server...
Denial Of Service (Dos)
mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a low privileged attacker to crash the server...
PT-2019-11782 · Jenkins · Jenkins Relution Enterprise Appstore Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Relution Enterprise Appstore Publisher Plugin versions 1.24 and earlier Description: A cross-site request forgery issue allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. Recommendations: For...
ForeScout Technologies: HTML Injection & Content Spoofing
Summary: The Main Search Box of the site "www.forescout.com" is Vulnerable for HTML Injection & Content Spoofing Steps To Reproduce: 1. Visit example link 2. in The Search Box enter HTML Code test 3. in the Result Page, the HTML code Will be render Impact 1. enter the Next Code In The Search Box...
UBUNTU-CVE-2019-14513
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491...
CVE-2019-10293
A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10292
A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003086
A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2019-1003091
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
PT-2019-11369 · Vmware +1 · Jenkins Vmware Lab Manager Slaves Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin affected versions not specified Description: A missing permission check in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate...
PT-2019-11370 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin affected versions not specified Description: A cross-site request forgery issue exists in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method, allowing attackers to initiate a...
PT-2019-11382 · Jenkins · Jenkins Nomad Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin affected versions not specified Description: A cross-site request forgery issue exists in the NomadCloud.DescriptorImpldoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11380 · Jenkins · Jenkins Soasta Cloudtest Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins SOASTA CloudTest Plugin affected versions not specified Description: A cross-site request forgery issue exists in the CloudTestServer.DescriptorImpldoValidate form validation method, allowing attackers to initiate a connection to an...
PT-2019-11694 · Jenkins · Jenkins Kmap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: A cross-site request forgery issue exists in the form validation methods of KmapJenkinsBuilder.DescriptorImpl, allowing attackers to initiate a connection to an attacker-specifi...
PT-2019-11348 · Jenkins · Jenkins Ftp Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins FTP publisher Plugin affected versions not specified Description: A cross-site request forgery issue exists in the FTPPublisher.DescriptorImpldoLoginCheck method, allowing attackers to initiate a connection to an attacker-specified...
PT-2019-11680 · Jenkins · Jenkins Jenkins-Reviewbot Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-reviewbot Plugin affected versions not specified Description: A cross-site request forgery issue exists in the ReviewboardDescriptordoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11372 · Jenkins · Jenkins Gearman Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Gearman Plugin affected versions not specified Description: A cross-site request forgery issue exists in the GearmanPluginConfigdoTestConnection form validation method, allowing attackers to initiate a connection to an...
PT-2019-11367 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: A missing permission check in the DbAuditPublisherDescriptorImpldoTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiat...