1394 matches found

Vulnrichment
added 2023/08/16 2:32 p.m. · 11 views

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...

6.6 AI score · 0.0032 EPSS
Exploits 0 · References 2
Cvelist
added 2023/08/16 2:32 p.m. · 17 views

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...

7.8 AI score · 0.0032 EPSS
Exploits 0 · References 2
CVE
added 2023/08/16 2:32 p.m. · 392 views

CVE-2023-40339

CVE-2023-40339 affects the Jenkins Config File Provider Plugin (versions including 952.va_544a_6234b_46 and earlier). The issue is that credentials specified in configuration files are not masked (not replaced with asterisks) when written to the build log, potentially exposing secrets. Public adv...

7.5 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/08/16 2:32 p.m. · 16 views

CVE-2023-40340

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs...

6.7 AI score · 0.00163 EPSS
Exploits 0 · References 2
AlpineLinux
added 2023/08/16 2:32 p.m. · 30 views

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...

7.5 CVSS · 6.9 AI score · 0.0032 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/16 12:0 a.m. · 4 views

PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 952.va_544a_6234b_46 and earlier. Description: The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build...

7.5 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 0 · References 10
CNNVD
added 2023/08/16 12:0 a.m. · 2 views

Jenkins Plugin Config File Provider security vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 6.8 AI score · 0.0032 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2023/08/05 2:15 a.m. · 1 views

CVE-2023-38943

ShuiZe0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...

8.8 CVSS · 7.5 AI score · 0.04387 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/08/03 12:0 a.m. · 3 views

PT-2023-26699 · Unknown · Dango-Translator

Name of the Vulnerable Software and Affected Versions: Dango-Translator version 4.5.5. Description: A remote command execution (RCE) issue was found in Dango-Translator via the app/config/cloud config.json component. Recommendations: For Dango-Translator version 4.5.5, at the moment, there is no...

9.8 CVSS · 9.4 AI score · 0.06131 EPSS
Exploits 1 · References 5
Packet Storm
added 2023/07/31 12:0 a.m. · 523 views

mRemoteNG 1.77.3.1784-NB Sensitive Information Extraction

Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Google Dork: - Date: 21.07.2023 Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on:...

7.1 AI score · 0.00067 EPSS
Exploits 4
Prion
added 2023/07/13 12:15 a.m. · 16 views

Buffer overflow

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

1.9 CVSS · 5.5 AI score · 0.00021 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/07/12 11:25 p.m. · 12 views

CVE-2023-21243

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

5.8 AI score · 0.00021 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/07/12 12:0 a.m. · 2 views

PT-2023-5755 · Sonicwall +1 · Sonicwall Gms +2

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier; SonicWall Analytics versions 2.5.0.4-R7 and earlier. Description: The issue is related to hardcoded Tomcat application credentials in the SonicWall GMS and Analytics configuration file. This could...

9.8 CVSS · 9.1 AI score · 0.0028 EPSS
Exploits 0 · References 7
OSV
added 2023/07/11 10:15 a.m. · 1 views

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

10 CVSS · 7.2 AI score
Exploits 0 · References 1
CNNVD
added 2023/07/10 12:0 a.m. · 2 views

wallabag security vulnerability

wallabag is a web application that allows you to save web pages for later reading. A security vulnerability exists in wallabag version 2.5.4, which stems from the parameter Name in the file /config that causes resource allocation...

6.5 CVSS · 5.2 AI score · 0.00072 EPSS
Exploits 1 · References 6
OSV
added 2023/07/07 3:15 a.m. · 1 views

CVE-2023-35890

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...

5.5 CVSS · 6.1 AI score · 0.00013 EPSS
Exploits 0 · References 2
OSV
added 2023/07/06 4:15 p.m. · 2 views

DEBIAN-CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8 CVSS · 7.8 AI score · 0.00155 EPSS
Exploits 1 · References 1
Cvelist
added 2023/07/06 3:3 p.m. · 16 views

CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...

6.3 CVSS · 8 AI score · 0.00155 EPSS
Exploits 1 · References 2
OSV
added 2023/07/01 11:5 a.m. · 1 views

OESA-2023-1388 iniparser security update

This module offers parsing of ini files from the C level. See a complete documentation in HTML format: from this directory, open the file html/index.html with any HTML-capable browser. Security Fixes: iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which...

5.5 CVSS · 6.9 AI score · 0.00058 EPSS
Exploits 1 · References 2
OSV
added 2023/07/01 12:0 a.m. · 27 views

ASB-A-274445194

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

5.5 CVSS · 5.5 AI score · 0.00021 EPSS
Exploits 0 · References 2