Lucene search
K

125 matches found

Cvelist
Cvelist
added 2022/06/22 2:41 p.m.29 views

CVE-2022-34208

A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

6.8AI score0.00553EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.122 views

CVE-2022-34208

CVE-2022-34208 : Jenkins Beaker Builder Plugin 1.10 and earlier has a missing permission check in a form-validation path. This allows attackers with Overall/Read permission to connect to an attacker-specified URL, and the flow may enable CSRF scenarios. The vulnerability is documented across mult...

4.3CVSS4.3AI score0.00553EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/22 2:41 p.m.39 views

CVE-2022-34207

A cross-site request forgery CSRF vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL...

8AI score0.00468EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:41 p.m.111 views

CVE-2022-34207

CVE-2022-34207 concerns Jenkins Beaker Builder Plugin (versions

6.5CVSS6.3AI score0.00468EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.3 views

PT-2022-22078 · Jenkins · Jenkins Beaker Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Beaker builder Plugin versions 1.10 and earlier Description: A missing permission check in the Jenkins Beaker builder Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL. This issue also result...

4.3CVSS4.8AI score0.00553EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.24 views

Jenkins Plugin Beaker 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...

6.5CVSS5.7AI score0.00468EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-22077 · Jenkins · Jenkins Beaker Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Beaker builder Plugin versions 1.10 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to an attacker-specified URL. This can be exploited by attackers to perform unauthorized actions...

6.5CVSS6.2AI score0.00468EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.4 views

Jenkins Plugin Beaker 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. An attacker could use this vulnerability to connect to a specified URL by...

4.3CVSS5.7AI score0.00553EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:55 p.m.18 views

GHSA-9678-5F6F-WP3F Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...

3.3CVSS5.5AI score0.00291EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 4:55 p.m.26 views

Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted...

5.5CVSS4AI score0.00291EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 5:22 a.m.5 views

GHSA-39VM-P9MR-4R27 Beaker Sensitive Information Disclosure vulnerability

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

6.9CVSS6.2AI score0.02447EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 5:22 a.m.19 views

Beaker Sensitive Information Disclosure vulnerability

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS6.6AI score0.02447EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.33 views

Beaker Sensitive Information Disclosure vulnerability

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS7AI score0.02447EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/05 12:29 a.m.3 views

GHSA-3CWM-7JMM-774W Deserialization of Untrusted Data in Beaker

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...

6.8CVSS7AI score0.01116EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2022/05/05 12:29 a.m.4 views

alignak-webui (>=0.11.1 <=0.12.2), candig-ingest (>=1.3.1 <=1.5.0) +4 more potentially affected by CVE-2013-7489 via beaker (>=1.10.0 <=1.11.0)

beaker PYPI version =1.10.0, =0.11.1, =1.3.1, =1.2.3, =0.1.0, =1.0.0, =1.0.1, =1.0.5 Source cves: CVE-2013-7489 Source advisory: OSV:GHSA-3CWM-7JMM-774W...

6.8CVSS6.8AI score0.01116EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/05 12:29 a.m.31 views

Deserialization of Untrusted Data in Beaker

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...

6.8CVSS5.3AI score0.01116EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/05 12:0 a.m.16 views

Deserialization of Untrusted Data

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution...

6.8CVSS5.1AI score0.01116EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2021/10/26 12:0 a.m.12 views

Huawei EulerOS: Security Advisory for python-beaker (EulerOS-SA-2021-2608)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.8AI score0.02447EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.20 views

EulerOS 2.0 SP3 : python-beaker (EulerOS-SA-2021-2608)

According to the versions of the python-beaker package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain...

4.3CVSS5.6AI score0.02447EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/06/29 3:50 p.m.16 views

CVE-2013-7489

A flaw was found in python-beaker, where it is affected by the deserialization of untrusted data. This flaw allows an attacker to enter malicious payloads into the cache database for example, if they are on the network and have credentials for the database, to perform remote code execution on the...

5.2CVSS2.9AI score0.01116EPSS
Exploits0References3
Rows per page
Query Builder