5112 matches found
Missing permission check in Jenkins Team Foundation Server Plugin allow capturing credentials
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-9HVF-PFQ3-7PP6 CSRF vulnerability in Jenkins Amazon EC2 Plugin
Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method...
GHSA-8RFC-V3VJ-J62W Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-C998-C4F6-VJW2 Jenkins Team Concert Plugin missing permission check
Jenkins Team Concert Plugin 1.3.0 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
GHSA-M295-M3X4-3MMC Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins Libvirt Slaves Plugin vlnerable to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-6Q4P-JRJV-44GF Cross-site request forgery vulnerability in Jenkins XL TestView Plugin
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptordoTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...
Missing permission check in Jenkins Docker Plugin
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Jenkins Docker Plugin contains Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
LibreNMS arbitrary OS commands execution
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...
CVE-2022-29237
Opencast exposes a cross-tenant access flaw: before versions 10.14 and 11.7, an attacker with full access to the ingest REST interface and knowledge of internal links could import files from another organization within the same multi-tenant cluster, bypassing organizational barriers. The issue is...
PT-2022-20414 · Jenkins · Jenkins Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A missing permission check in the Jenkins SSH Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...
Apple macOS Big Sur 安全特征问题漏洞
Apple macOS Big Sur is the 17th major version of Apple's macOS Big Sur, the U.S. Apple's macOS Big Sur is the 17th major version of macOS, the operating system used by Apple for the MAC. A security signature issue vulnerability exists in the Apple macOS Big Sur component, which can be exploited b...
PT-2022-6991 · Apple · Macos Monterey +4
Name of the Vulnerable Software and Affected Versions: watchOS versions prior to 8.6 macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 macOS Catalina versions prior to Security Update 2022-004 Description: The issue is related to insufficient access control in the TCC component ...
com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0788 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)
org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0788 Source advisory: OSV:GHSA-J7Q5-H445-F7PC...
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java. SaltStack Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to...
Path traversal
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2022-24830 Path Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...