545 matches found
SUSE CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
SUSE CVE-2023-0242
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...
GHSA-R887-GFXH-M9RR mrpack-install vulnerable to path traversal with dependency
Impact Importing a malicious .mrpack file can cause path traversal while downloading files. This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing. Patches No patches yet. Workarounds Avoid importing .mrpack files from untrusted sources...
PT-2023-19611 · Jenkins · Jenkins View-Cloner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins view-cloner Plugin versions 1.1 and earlier Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. Users with Extended Read permission or access to the Jenkins controller fi...
CVE-2023-24450
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
PT-2023-16105 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.7-5 Description: The issue allows a low privilege user to overwrite files on the server, including Velociraptor configuration files, due to the VQL copy function not checking for permission to write files. T...
Esri ArcGIS Server 路径遍历漏洞
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for delivering geolocation services from Environmental Systems Research Institute Esri, Inc. A security vulnerability exists in Esri ArcGIS Server versions 10.9.1 and earlier, which stems from a path traversal vulnerability...
CVE-2022-2640
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol FTP and Hypertext Transfer Protocol HTTP...
Design/Logic Flaw
The Config-files of Horner Automation’s RCC 972 with firmware version 15.40 are encrypted with weak XOR encryption vulnerable to reverse engineering. This could allow an attacker to obtain credentials to run services such as File Transfer Protocol FTP and Hypertext Transfer Protocol HTTP...
GHSA-JVC3-WJF6-7C6C Apache Dolphin Scheduler has insufficiently protected credentials
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...
CVE-2022-26885
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...
CVE-2022-26885
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...
Design/Logic Flaw
When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...
PT-2022-18122 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.6 Description: When using tasks to read config files, there is a risk of database password disclosure. Recommendations: For versions prior to 2.0.6, upgrade to version 2.0.6 or higher...
CVE-2022-26885
Apache Dolphin Scheduler is affected by CVE-2022-26885, where using tasks to read config files can disclose database passwords. The issue stems from improper handling of logs in LoggerRequestProcessor.java, per Veracode and related advisories. Affected product: Dolphin Scheduler server; vulnerabi...
CVE-2022-45392
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-43419
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-43419
Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Red Hat OpenStack Platform 安全漏洞
Red Hat OpenStack Platform is a cloud computing management platform from the US-based Red Hat, Inc. A security vulnerability exists in Red Hat OpenStack Platform versions 16.1 and 16.2, which stems from an insecure default configuration in Tripleo-ansible, where permissions on sensitive files are...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...