5118 matches found
Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34780
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34780
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-34781
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2022-22332 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins XebiaLabs XL Release Plugin, allowing attackers with Overall/Read permission to connect to an...
Jenkins XebiaLabs XL Release Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...
Gamification of Ethical Hacking and Hacking Esports
While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the log4j vulnerability. Traditionally, ethical hacking is undertaken by...
MAL-2022-2078 Malicious code in com.unity.modules.screencapture (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5366acc1724e2c06f0d14d7c184f5a94703e4be8fcbcfa54e355e71653d1a39e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
kkcms SQL Injection Vulnerability
kkcms is an open source video capture and playback system. The system is mainly used to automatically capture video resources and provide online playback. kkcms v1.3.7 version has a SQL injection vulnerability, the vulnerability originates from /template/wapian/vlist.php does not filter the...
Design/Logic Flaw
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055
Summary: CVE-2022-31055 relates to Google kCTF, a Kubernetes-based CTF infrastructure. Several connected sources confirm that prior to version 1.6.0 the kCTF cluster set-src-ip-ranges feature was broken, effectively allowing traffic from any IP due to improper access control. The issue was patche...
PacketStreamer - Distributed Tcpdump For Cloud Native Environments
Deepfence PacketStreamer is a high-performance remote packet capture and collection tool. It is used by Deepfence's ThreatStryker security observability platform to gather network traffic on demand from cloud workloads for forensic analysis. Primary design goals: Stay light, capture and stream, n...
Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector
Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal...