
23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-5891

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.7 · EPSS 0.00112
Exploits 0 · References 7

RedhatCVE
added 2025/05/23 5:17 a.m. · 3 views

CVE-2023-30960

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS 4.3 · AI score 6.8 · EPSS 0.00175
Exploits 0 · References 1

Tenable Nessus
added 2025/03/06 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-8986

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved ...

CVSS 9.1 · AI score 7.2 · EPSS 0.00089
Exploits 0 · References 2

SUSE CVE
added 2024/11/22 4:6 a.m. · 2 views

SUSE CVE-2024-8986

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · AI score 7 · EPSS 0.00089
Exploits 0 · References 3

RedhatCVE
added 2024/09/19 1:17 p.m. · 12 views

CVE-2024-8986

A flaw was found in grafana-plugin-sdk-go package. The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository UR...

CVSS 5.5 · AI score 6.9 · EPSS 0.00089
Exploits 0 · References 4

OSV
added 2024/09/19 12:31 p.m. · 10 views

GHSA-XXXW-3J6H-Q7H6 Grafana plugin SDK Information Leakage

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · AI score 6.2 · EPSS 0.00089
Exploits 0 · References 5

Github Security Blog
added 2024/09/19 12:31 p.m. · 27 views

Grafana plugin SDK Information Leakage

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · AI score 7.3 · EPSS 0.00089
Exploits 0 · References 5 · Affected Software 1

NVD
added 2024/09/19 11:15 a.m. · 12 views

CVE-2024-8986

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · EPSS 0.00089
Exploits 0 · References 1

Cvelist
added 2024/09/19 10:57 a.m. · 31 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · EPSS 0.00089
Exploits 0 · References 1

Vulnrichment
added 2024/09/19 10:57 a.m. · 24 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · AI score 7.1 · EPSS 0.00089
Exploits 0 · References 1

CVE
added 2024/09/19 10:57 a.m. · 65 views

CVE-2024-8986

CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...

CVSS 9.1 · AI score 6.8 · EPSS 0.00089
Exploits 0 · References 1

Grafana
added 2024/09/19 12:0 a.m. · 3 views

Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1 · AI score 5.8 · EPSS 0.00089
Exploits 0

CNNVD
added 2024/09/19 12:0 a.m. · 2 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana has a security vulnerability that stems from bundling build metadata...

CVSS 9.1 · AI score 7.3 · EPSS 0.00089
Exploits 0 · References 3

Positive Technologies
added 2024/09/19 12:0 a.m. · 2 views

PT-2024-6336 · Grafana · Grafana Plugin Sdk

Name of the Vulnerable Software and Affected Versions: Grafana Plugin SDK versions prior to 0.250.0
Description: The issue is related to the Grafana Plugin SDK bundling build metadata into the binaries it compiles, which includes the repository URI for the plugin being built. If credentials are...

CVSS 9.1 · AI score 6.8 · EPSS 0.00654
Exploits 1 · References 26

OSV
added 2023/07/10 10:15 p.m. · 1 views

CVE-2023-30960

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS 4.3 · AI score 5.8 · EPSS 0.00175
Exploits 0 · References 1

Vulnrichment
added 2023/07/10 9:5 p.m. · 9 views

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS 4.3 · AI score 6.8 · EPSS 0.00175
Exploits 0 · References 1

OSV
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVSS 7.5 · AI score 6.9
Exploits 0 · References 1

NVD
added 2022/06/23 5:15 p.m. · 21 views

CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVSS 7.5 · EPSS 0.00112
Exploits 0 · References 1

Prion
added 2022/06/23 5:15 p.m. · 18 views

Design/Logic Flaw

Jenkins Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers...

CVSS 5 · AI score 7.5 · EPSS 0.00112
Exploits 0 · References 1

CNNVD
added 2022/06/22 12:0 a.m. · 1 views

Jenkins Plugin Pipeline Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software. Jenkins Pipeline Plugin...

CVSS 7.5 · AI score 6.9 · EPSS 0.00112
Exploits 0 · References 10