125 matches found
CVE-2022-34208
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-34208
CVE-2022-34208 : Jenkins Beaker Builder Plugin 1.10 and earlier has a missing permission check in a form-validation path. This allows attackers with Overall/Read permission to connect to an attacker-specified URL, and the flow may enable CSRF scenarios. The vulnerability is documented across mult...
CVE-2022-34207
A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2022-34207
CVE-2022-34207 concerns Jenkins Beaker Builder Plugin (versions
PT-2022-22078 · Jenkins · Jenkins Beaker Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Beaker builder Plugin versions 1.10 and earlier Description: A missing permission check in the Jenkins Beaker builder Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also result...
Jenkins Plugin Beaker 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...
PT-2022-22077 · Jenkins · Jenkins Beaker Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Beaker builder Plugin versions 1.10 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL. This can be exploited by attackers to perform unauthorized actions...
Jenkins Plugin Beaker 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...
GHSA-9678-5F6F-WP3F Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...
GHSA-39VM-P9MR-4R27 Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
Beaker Sensitive Information Disclosure vulnerability
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...
GHSA-3CWM-7JMM-774W Deserialization of Untrusted Data in Beaker
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +4 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.11.0)
beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =1.0.0, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:GHSA-3CWM-7JMM-774W...
Deserialization of Untrusted Data in Beaker
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
Deserialization of Untrusted Data
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...
Huawei EulerOS: Security Advisory for python-beaker (EulerOS-SA-2021-2608)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : python-beaker (EulerOS-SA-2021-2608)
According to the versions of the python-beaker package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain...
CVE-2013-7489
A flaw was found in python-beaker, where it is affected by the deserialization of untrusted data. This flaw allows an attacker to enter malicious payloads into the cache database for example, if they are on the network and have credentials for the database, to perform remote code execution on the...