284 matches found
Privilege Escalation
github.com/coreos/ignition is vulnerable to Privilege Escalation. The vulnerability exists due to the main function of main.go does not properly set the ignition-apply and ignition-rmcfg parameters according to the filepath.base arguments, allowing an attacker to access unprivileged containers in...
GHSA-RR2R-G6XM-58XJ Cross Site Request Forgery in Jenkins Storable Configs Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
GHSA-WQMP-2P5R-RHFV XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
XML External Entity Reference in Jenkins Storable Configs Plugin
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...
Cross Site Request Forgery in Jenkins Storable Configs Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30972
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Storable Configs Plugin 1.0 and earlier allows attackers to have Jenkins parse a local XML file e.g., archived artifacts that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery...
Xxe
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30972
CVE-2022-30972 affects Jenkins Storable Configs Plugin 1.0 and earlier. The vulnerability arises because the XML parser is not configured to prevent XML external entity (XXE) attacks, allowing an attacker to have Jenkins parse a local XML file (e.g., archived artifacts) that uses external entitie...
CVE-2022-30971
Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2022-30971
CVE-2022-30971 – Jenkins Storable Configs Plugin XXE . The vulnerability is in Jenkins Storable Configs Plugin 1.0 and earlier, where the XML parser is not configured to prevent XML External Entity (XXE) attacks. This is confirmed by multiple sources in the provided documents (NVD entry for CVE-2...
new packages: copy-jdk-configs
An update is available for copy-jdk-configs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
Jenkins Storable Configs Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Storable Configs Plugin 1.0 and...
PT-2022-20429 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to have Jenkins parse a local XML file, such as archived artifacts, that uses external entities for...
Jenkins Storable Configs Plugin 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An XML external entity injection...
PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have...