
CNNVD · added 2022/05/17 12:00 a.m. · 3 views

Jenkins Storable Configs Plugin cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Storable Configs Plugin 1.0 and...

CVSS 8.8 · AI score 7.7 · EPSS 0.00625 · Exploits 0 · References 3
Positive Technologies · added 2022/05/17 12:00 a.m. · 2 views

PT-2022-20429 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to have Jenkins parse a local XML file, such as archived artifacts, that uses external entities for...

CVSS 8.8 · AI score 8.5 · EPSS 0.00625 · Exploits 0 · References 7
CNNVD · added 2022/05/17 12:00 a.m. · 4 views

Jenkins Storable Configs Plugin code issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An XML external entity injection...

CVSS 8.8 · AI score 7.8 · EPSS 0.01123 · Exploits 0 · References 3
Positive Technologies · added 2022/05/17 12:00 a.m. · 5 views

PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers with Item/Configure permission to have...

CVSS 8.8 · AI score 8.3 · EPSS 0.01123 · Exploits 0 · References 6
Fedora · added 2022/05/07 5:06 a.m. · 21 views

[SECURITY] Fedora 36 Update: golang-github-xordataexchange-crypt-0.0.2-11.20190412gitb2862e3.fc36

Store and retrieve encrypted configs from etcd or consul...

CVSS 7.5 · AI score 2.1 · EPSS 0.03931 · Exploits 0
OpenVAS · added 2022/04/29 12:00 a.m. · 7 views

Fedora: Security Advisory for golang-github-xordataexchange-crypt (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 10 · EPSS 0.03931 · Exploits 0 · References 2
wpexploit · added 2022/03/23 12:00 a.m. · 81 views

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Config Name, which could allow high privilege users, such as admin, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Go to Hummingbird's Settings > Configs, edit the "Name and Description" and put the following...

CVSS 4.8 · AI score 4.9 · EPSS 0.0282 · Exploits 4
Cvelist · added 2022/03/18 6:00 p.m. · 17 views

CVE-2022-1003 Sysadmin can override existing configs & bypass restrictions like EnableUploads

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads...

CVSS 3.3 · AI score 5.4 · EPSS 0.00482 · Exploits 0 · References 1
OpenVAS · added 2022/01/28 12:00 a.m. · 24 views

Mageia: Security Advisory (MGASA-2018-0218)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 · AI score 7 · EPSS 0.15141 · Exploits 0 · References 5
Oracle Linux · added 2021/12/20 12:00 a.m. · 50 views

Unbreakable Enterprise kernel security update

5.4.17-2136.302.6.1 - rds/ib: Use both iova and key in freemr socket call aru kolappan Orabug:33667276 5.4.17-2136.302.6 - Revert fs: align IOCB flags with RWF flags Prasad Singamsetty Orabug: 33627551 5.4.17-2136.302.5 - Revert drm: Initialize struct drmcrtcstate.novblank from device settings...

CVSS 7.8 · AI score 0.2 · EPSS 0.00383 · Exploits 0
Rockylinux · added 2021/11/09 8:51 a.m. · 16 views

copy-jdk-configs bug fix and enhancement update

An update is available for copy-jdk-configs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 2.1 · Exploits 0
OSV · added 2021/11/09 8:51 a.m. · 12 views

ALBA-2021:4255 copy-jdk-configs bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

AI score 6.8 · Exploits 0 · References 1
Trend Micro Simply Security · added 2021/09/03 12:00 a.m. · 24 views

This Week in Security News - September 3, 2021

Proxytoken vulnerability can modify Exchange server configs and Lockbit jumps its own countdown, publishes Bangkok Air files...

AI score 2.1 · Exploits 0
CVE · added 2021/03/07 9:55 a.m. · 67 views

CVE-2020-28466

CVE-2020-28466 affects the nats-server component at github.com/nats-io/nats-server/server. The issue arises from an export/import cycle between accounts that untrusted users can trigger, causing the server to crash (denial of service) by consuming CPU/memory. Connected advisories indicate the 2.x...

CVSS 7.5 · AI score 7.5 · EPSS 0.03658 · Exploits 0 · References 4 · Affected Software 1
OSV · added 2021/01/20 8:15 p.m. · 3 views

CVE-2021-1265

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear...

CVSS 6.5 · AI score 5.8 · Exploits 0 · References 1
Rockylinux · added 2020/11/03 12:39 p.m. · 8 views

copy-jdk-configs bug fix and enhancement update

An update is available for copy-jdk-configs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 2.1 · Exploits 0
CNVD · added 2020/10/21 12:00 a.m. · 4 views

CloudBees Jenkins Storable Configs Plugin Arbitrary File Read Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run some scheduled tasks. An arbitrary file read...

CVSS 6.5 · AI score 7 · EPSS 0.01414 · Exploits 0 · References 1
NVD · added 2020/09/16 2:15 p.m. · 22 views

CVE-2020-2278

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content...

CVSS 6.5 · EPSS 0.01414 · Exploits 0 · References 2
NVD · added 2020/09/16 2:15 p.m. · 20 views

CVE-2020-2277

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...

CVSS 6.5 · EPSS 0.01657 · Exploits 0 · References 2
OSV · added 2020/09/16 2:15 p.m. · 10 views

CVE-2020-2277

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller...

CVSS 6.5 · AI score 6.7 · Exploits 0 · References 2