4651 matches found

Vulnrichment · added 2023/04/20 3:07 p.m. · 10 views

CVE-2023-25601 Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the...

AI score 6.7 · EPSS 0.0038
Exploits 0 · References 2
OSV · added 2023/04/14 12:15 p.m. · 2 views

CVE-2023-27651

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the updateinfo field of the default.xml file...

CVSS 7.8 · AI score 7.1 · EPSS 0.0006
Exploits 1 · References 3
Positive Technologies · added 2023/04/13 12:00 a.m. · 3 views

PT-2023-18794 · Tigergraph · Tigergraph Enterprise Free Edition

Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: An issue was discovered where an authentication token for internal system use is created and can be read from the configuration file. Using this token on the REST API provides an...

CVSS 8.8 · AI score 8.7 · EPSS 0.0036
Exploits 1 · References 4
Cvelist · added 2023/04/13 12:00 a.m. · 13 views

CVE-2023-22951

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...

AI score 8.9 · EPSS 0.0036
Exploits 1 · References 2
Vulnrichment · added 2023/04/13 12:00 a.m. · 4 views

CVE-2023-22951

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints...

AI score 7 · EPSS 0.0036
Exploits 1 · References 2
OSV · added 2023/04/12 6:30 p.m. · 35 views

GHSA-96C7-FQXV-RMV7 Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

CVSS 4.3 · AI score 4.8 · EPSS 0.00181
Exploits 0 · References 3
NVD · added 2023/04/12 6:15 p.m. · 16 views

CVE-2023-30530

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 4.3 · AI score 4.5 · EPSS 0.00181
Exploits 0 · References 2
Prion · added 2023/04/12 6:15 p.m. · 19 views

Design/Logic Flaw

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 4 · AI score 4.5 · EPSS 0.00181
Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2023/04/12 12:00 a.m. · 4 views

Jenkins Plugin Report Portal security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.1 · EPSS 0.00181
Exploits 0 · References 4
Positive Technologies · added 2023/04/12 12:00 a.m. · 4 views

PT-2023-22760 · Hashicorp +1 · Hashicorp Consul +2

Name of the Vulnerable Software and Affected Versions: Jenkins Consul KV Builder Plugin versions 2.0.13 and earlier Description: The issue concerns the storage and display of the HashiCorp Consul ACL Token in the Jenkins Consul KV Builder Plugin. Specifically, the token is stored unencrypted in t...

CVSS 6.5 · AI score 6.1 · EPSS 0.0025
Exploits 0 · References 8
NVD · added 2023/04/11 3:15 p.m. · 17 views

CVE-2023-1552

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...

CVSS 7.8 · AI score 6.8 · EPSS 0.00095
Exploits 0 · References 1
Positive Technologies · added 2023/04/11 12:00 a.m. · 1 view

PT-2023-6557 · Siemens · Tia Portal

Name of the Vulnerable Software and Affected Versions: Totally Integrated Automation Portal TIA Portal versions V15 through V18 Update 1, with the following specifics: TIA Portal versions V15 TIA Portal versions V16 through V16 Update 7 TIA Portal versions V17 through V17 Update 6 TIA Portal...

CVSS 7.8 · AI score 7.3 · EPSS 0.00118
Exploits 0 · References 6
NVD · added 2023/04/10 9:15 p.m. · 13 views

CVE-2023-26466

A user with non-Admin access can change a configuration file on the client to modify the Server URL...

CVSS 7.8 · AI score 7.5 · EPSS 0.00046
Exploits 0 · References 1
Vulnrichment · added 2023/04/10 12:00 a.m. · 10 views

CVE-2023-26466

A user with non-Admin access can change a configuration file on the client to modify the Server URL...

CVSS 7.8 · AI score 7.5 · EPSS 0.00046
Exploits 0 · References 1
CVE · added 2023/04/10 12:00 a.m. · 30 views

CVE-2023-26466

CVE-2023-26466 concerns Pegasystem PEGA Platform. A user with non-admin privileges can modify a client configuration file to change the Server URL, enabling potential manipulation of where the client talks to. The CVSS-derived impact is rated high across confidentiality, integrity, and availabili...

CVSS 7.8 · AI score 7.5 · EPSS 0.00046
Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2023/04/10 12:00 a.m. · 13 views

CVE-2023-26466

A user with non-Admin access can change a configuration file on the client to modify the Server URL...

CVSS 7.8 · AI score 7.7 · EPSS 0.00046
Exploits 0 · References 1
RedhatCVE · added 2023/04/03 1:14 p.m. · 29 views

CVE-2023-26112

A flaw was found in python-configobj via the Validator function at python-configobj/validate.py. This issue only occurs in the case of a developer putting the offending value in a server side configuration file, which could lead to a Regular Expression Denial of Service ReDoS...

CVSS 5.9 · AI score 5.5 · EPSS 0.0009
Exploits 1 · References 3
Github Security Blog · added 2023/04/03 6:30 a.m. · 41 views

configobj ReDoS exploitable by developer using values in a server-side configuration file

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 · AI score 5.6 · EPSS 0.0009
Exploits 1 · References 9 · Affected Software 1
NVD · added 2023/04/03 5:15 a.m. · 14 views

CVE-2023-26112

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 · AI score 4.7 · EPSS 0.0009
Exploits 1 · References 5
FreeBSD · added 2023/04/03 12:00 a.m. · 23 views

py39-configobj -- vulnerable to Regular Expression Denial of Service

DarkTinia reports: All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file...

CVSS 5.9 · AI score 5.9 · EPSS 0.0009
Exploits 1 · References 1