
3787 matches found

OSV
added 2022/05/13 1:7 a.m. | 22 views

GHSA-9773-3FQG-8W25 OpenStack Neutron's unsupported dport option prevents applying security groups

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.03672
Exploits: 1 | References: 14

OSV
added 2022/05/13 1:7 a.m. | 28 views

GHSA-JR9M-V5QH-MH2J OpenStack Neutron overlapping security group rules prevents compute node network configuration

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.01757
Exploits: 0 | References: 9

Github Security Blog
added 2022/05/13 1:7 a.m. | 25 views

OpenStack Neutron overlapping security group rules prevents compute node network configuration

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.01757
Exploits: 0 | References: 9 | Affected Software: 1

Github Security Blog
added 2022/05/05 2:48 a.m. | 21 views

OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

CVSS: 6 | AI score: 7.1 | EPSS: 0.02146
Exploits: 1 | References: 15 | Affected Software: 1

OSV
added 2022/05/05 2:48 a.m. | 7 views

GHSA-QFP8-HFQX-C79C OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.02146
Exploits: 1 | References: 15

Github Security Blog
added 2022/05/05 12:28 a.m. | 17 views

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00962
Exploits: 1 | References: 13 | Affected Software: 4

Akamai Blog
added 2022/04/25 1:0 p.m. | 10 views

What’s New for Developers: April 2022

We have big news this month. You may have already heard that we acquired Linode, creating the world’s most distributed compute platform. In addition, we have release announcements and new developer content to share with you!...

AI score: 7
Exploits: 0

OSV
added 2022/04/13 12:0 a.m. | 27 views

GHSA-VHXQ-9MPV-GJ87 Private key stored in plain text by Jenkins Google Compute Engine Plugin

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Agent/Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00704
Exploits: 0 | References: 3

Github Security Blog
added 2022/04/13 12:0 a.m. | 34 views

Private key stored in plain text by Jenkins Google Compute Engine Plugin

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Agent/Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00704
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2022/04/13 12:0 a.m. | 32 views

Jenkins Google Compute Engine Plugin has an unspecified vulnerability

Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.00704
Exploits: 0 | References: 1

ATTACKERKB
added 2022/04/12 8:15 p.m. | 6 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00704
Exploits: 0 | References: 2

OSV
added 2022/04/12 8:15 p.m. | 22 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4.3 | AI score: 4.5
Exploits: 0 | References: 1

Prion
added 2022/04/12 8:15 p.m. | 14 views

Design/Logic Flaw

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4 | AI score: 4.5 | EPSS: 0.00704
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/04/12 7:50 p.m. | 21 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score: 7 | EPSS: 0.00704
Exploits: 0 | References: 1

Cvelist
added 2022/04/12 7:50 p.m. | 17 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

AI score: 5.2 | EPSS: 0.00704
Exploits: 0 | References: 1

CVE
added 2022/04/12 7:50 p.m. | 107 views

CVE-2022-29052

CVE-2022-29052 affects Jenkins Google Compute Engine Plugin 4.3.8 and earlier, which stores private keys unencrypted in cloud agent config.xml on the Jenkins controller, enabling viewing by users with Extended Read permission or filesystem access. This exposes sensitive keys; no exploit details a...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00704
Exploits: 0 | References: 1 | Affected Software: 1

AlpineLinux
added 2022/04/12 7:50 p.m. | 61 views

CVE-2022-29052

Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private keys unencrypted in cloud agent config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS: 4.3 | AI score: 3.8 | EPSS: 0.00704
Exploits: 0 | References: 1

CNNVD
added 2022/04/12 12:0 a.m. | 3 views

Jenkins security vulnerability

Jenkins is an open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00704
Exploits: 0 | References: 4

Positive Technologies
added 2022/04/12 12:0 a.m. | 3 views

PT-2022-19392 · Jenkins · Jenkins Google Compute Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Compute Engine Plugin versions 4.3.8 and earlier Description: The issue allows private keys to be stored unencrypted in cloud agent config.xml files on the Jenkins controller. This can be viewed by users with Agent/Extended Rea...

CVSS: 4.3 | AI score: 4.2 | EPSS: 0.00704
Exploits: 0 | References: 9

BDU FSTEC
added 2022/04/05 12:0 a.m. | 3 views

The vulnerability of the compute_closed_spline() function in the trans_spline.c component of the Fig2dev file conversion tool allows a hacker to cause a service failure.

The vulnerability of the compute_closed_spline function in the trans_spline.c component of the .fig Fig2dev conversion tool is related to pointer manipulation errors. Exploiting this vulnerability allows an attacker to cause a service failure...

CVSS: 7.1 | AI score: 6.4 | EPSS: 0.00949
Exploits: 1 | References: 5 | Affected Software: 2