
196 matches found

Atlassian
added 2022/10/19 10:2 a.m. · 148 views

Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin

Recently we have identified that on top of the libraries mentioned in JRASERVER-73580, there was another library, atlassian-authentication-plugin, that has a transitive dependency of xmlsec that could be related to the vulnerability described in...

7.5 CVSS · 2.5 AI score · 0.00413 EPSS
Exploits 0
OSV
added 2022/09/29 3:15 a.m. · 13 views

CVE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

4.3 CVSS · 6.9 AI score
Exploits 0 · References 1
RedHat Linux
added 2022/09/20 1:42 p.m. · 5 views

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9 CVSS · 7.3 AI score · 0.01 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2022/07/20 12:0 a.m. · 2 views

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Server component: the PAM Auth Plugin of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...

6.8 CVSS · 6.4 AI score · 0.00359 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/05/17 12:0 a.m. · 2 views

The vulnerability of the jwt-auth plugin for the Apache APISIX cloud API gateway allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the jwt-auth plugin for the Apache APISIX cloud API gateway is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS · 7.2 AI score · 0.35835 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2022/05/05 12:0 a.m. · 2 views

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the MySQL Server database management system’s PAM Auth Plugin relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information using the FIDO network protocol...

7.1 CVSS · 6.7 AI score · 0.01 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/04/19 9:15 p.m. · 2 views

UBUNTU-CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9 CVSS · 6.7 AI score · 0.01 EPSS
Exploits 0 · References 4
Cvelist
added 2022/04/11 8:20 p.m. · 20 views

CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...

8.2 CVSS · 8.5 AI score · 0.01597 EPSS
Exploits 0 · References 8
Vulnrichment
added 2022/04/11 8:20 p.m. · 4 views

CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...

8.2 CVSS · 8.3 AI score · 0.01597 EPSS
Exploits 0 · References 8
CNNVD
added 2022/04/11 12:0 a.m. · 1 views

GoCD injection vulnerability

GoCD is a continuous delivery server. GoCD suffers from an injection vulnerability that stems from the fact that the gocd-ldap-authentication-plugin included in GoCD Server fails to properly escape special characters when constructing an LDAP query using a username. An attacker could use this...

8.2 CVSS · 6.8 AI score · 0.01597 EPSS
Exploits 0 · References 8
NVD
added 2022/03/15 5:15 p.m. · 14 views

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

6.5 CVSS · 0.00079 EPSS
Exploits 0 · References 2
NVD
added 2022/02/15 5:15 p.m. · 19 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4 CVSS · 0.00021 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/02/15 5:15 p.m. · 5 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

5.4 CVSS · 6.1 AI score · 0.00021 EPSS
Exploits 0 · References 3
CVE
added 2022/02/15 4:11 p.m. · 146 views

CVE-2022-25196

CVE-2022-25196 affects the Jenkins GitLab Authentication Plugin (1.13 and earlier). The vulnerability arises because the plugin records the HTTP Referer header as part of the URL query parameters at the start of authentication, enabling an attacker with Jenkins access to craft a login URL that re...

5.4 CVSS · 5.6 AI score · 0.00021 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/02/15 12:0 a.m. · 3 views

PT-2022-17136 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.13 and earlier Description: The issue allows attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This is caused by the plugin...

5.4 CVSS · 5.2 AI score · 0.00021 EPSS
Exploits 0 · References 8
CNNVD
added 2022/02/15 12:0 a.m. · 4 views

Jenkins plugin input validation error vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A user redirection vulnerability exists in Jenkins GitLab Authentication Plugin 1.13 and earlier versions, which stems fr...

5.4 CVSS · 5.7 AI score · 0.00021 EPSS
Exploits 0 · References 5
Cvelist
added 2022/02/02 11:48 a.m. · 22 views

CVE-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. The system using the postgresql library will be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based o...

7 CVSS · 9.7 AI score · 0.03141 EPSS
Exploits 1 · References 6
Cvelist
added 2022/01/21 6:17 p.m. · 15 views

CVE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

5.2 AI score · 0.00379 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/11/22 12:0 a.m. · 5 views

PT-2022-11300 · Shibboleth +1 · Shibboleth Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Shibboleth authentication plugin affected versions not specified Description: A session hijack risk was identified in the Shibboleth authentication plugin. Recommendations: At the moment, there is no information about a newer version that...

9.8 CVSS · 6.3 AI score · 0.39399 EPSS
Exploits 18 · References 100
Vulnrichment
added 2021/09/09 6:10 p.m. · 6 views

CVE-2021-38320 simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...

6.1 CVSS · 6.1 AI score · 0.00258 EPSS
Exploits 1 · References 2