
Github Security Blog
added 2022/05/24 5:45 p.m. · 25 views

Missing permission check in Jenkins Team Foundation Server Plugin allows capturing credentials

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 4.1 · EPSS 0.00972
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/24 5:06 p.m. · 26 views

GHSA-9HVF-PFQ3-7PP6 CSRF vulnerability in Jenkins Amazon EC2 Plugin

Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...

CVSS 3.1 · AI score 8.7 · EPSS 0.00827
Exploits 0 · References 4
OSV
added 2022/05/24 5:03 p.m. · 11 views

GHSA-8RFC-V3VJ-J62W Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 · AI score 6.2 · EPSS 0.00852
Exploits 0 · References 3
OSV
added 2022/05/24 5:03 p.m. · 14 views

GHSA-C998-C4F6-VJW2 Jenkins Team Concert Plugin missing permission check

Jenkins Team Concert Plugin 1.3.0 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 7.1 · AI score 6.4 · EPSS 0.00798
Exploits 0 · References 4
OSV
added 2022/05/24 4:59 p.m. · 16 views

GHSA-M295-M3X4-3MMC Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 8.7 · EPSS 0.00678
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 4:59 p.m. · 22 views

Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8 · AI score 5 · EPSS 0.00678
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/24 4:52 p.m. · 12 views

GHSA-6Q4P-JRJV-44GF Cross-site request forgery vulnerability in Jenkins XL TestView Plugin

A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...

CVSS 8.8 · AI score 8.7 · EPSS 0.00859
Exploits 0 · References 3
Github Security Blog
added 2022/05/24 4:50 p.m. · 17 views

Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

CVSS 6.5 · AI score 6.7 · EPSS 0.01691
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2022/05/24 4:50 p.m. · 29 views

Jenkins Docker Plugin contains Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS 8.8 · AI score 4.6 · EPSS 0.01397
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2022/05/24 4:44 p.m. · 17 views

LibreNMS arbitrary OS commands execution

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...

CVSS 10 · AI score 8.3 · EPSS 0.71487
Exploits 9 · References 5 · Affected Software 1
CVE
added 2022/05/24 2:40 p.m. · 102 views

CVE-2022-29237

Opencast exposes a cross-tenant access flaw: before versions 10.14 and 11.7, an attacker with full access to the ingest REST interface and knowledge of internal links could import files from another organization within the same multi-tenant cluster, bypassing organizational barriers. The issue is...

CVSS 5.5 · AI score 5.1 · EPSS 0.00541
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/05/17 12:00 a.m. · 4 views

PT-2022-20414 · Jenkins · Jenkins Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A missing permission check in the Jenkins SSH Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 6.5 · AI score 6.2 · EPSS 0.008
Exploits 0 · References 7
CNNVD
added 2022/05/16 12:00 a.m. · 2 views

Apple macOS Big Sur security feature issue vulnerability

Apple macOS Big Sur is the 17th major version of macOS, the operating system used by Apple for the Mac. A security signature issue vulnerability exists in the Apple macOS Big Sur component, which can be exploited b...

CVSS 6.5 · AI score 6.9 · EPSS 0.02219
Exploits 2 · References 10
Positive Technologies
added 2022/05/16 12:00 a.m. · 5 views

PT-2022-6991 · Apple · Macos Monterey +4

Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 8.6 macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 macOS Catalina versions prior to Security Update 2022-004 Description: The issue is related to insufficient access control in the TCC component ...

CVSS 7.8 · AI score 6.3 · EPSS 0.02219
Exploits 2 · References 18
vulnersOsv
added 2022/05/14 3:58 a.m. · 5 views

com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0788 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)

org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0788 Source advisory: OSV:GHSA-J7Q5-H445-F7PC...

CVSS 10 · AI score 6.7 · EPSS 0.1184
Exploits 2
Github Security Blog
added 2022/05/14 3:13 a.m. · 22 views

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

CVSS 6.5 · AI score 2.7 · EPSS 0.00988
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 3:13 a.m. · 20 views

GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

CVSS 4.2 · AI score 6.4 · EPSS 0.00988
Exploits 0 · References 5
Github Security Blog
added 2022/05/14 1:09 a.m. · 22 views

Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java. SaltStack Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to...

CVSS 7.5 · AI score 1.8 · EPSS 0.00559
Exploits 0 · References 4 · Affected Software 1
Prion
added 2022/05/14 12:15 a.m. · 15 views

Path traversal

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...

CVSS 7.5 · AI score 9.8 · EPSS 0.02873
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2022/05/13 11:40 p.m. · 32 views

CVE-2022-24830 Path Traversal in OpenClinica

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...

CVSS 6.5 · AI score 10 · EPSS 0.02873
Exploits 1 · References 2