76 matches found

OSV · added 2025/05/28 2:40 p.m. · 2 views

GHSA-H5F8-CRRQ-4PW8 Contrast workload secrets leak to logs on INFO level

Impact When the Contrast initializer is configured with a CONTRASTLOGLEVEL of info or debug, the workload secret is logged to stderr and written to Kubernetes logs. Since info is the default setting, this affects all Contrast installations that don't customize their initializers' log level. The...

CVSS 7.3 · AI score 6.7
Exploits 0 · References 2
RedhatCVE · added 2025/05/22 11:59 p.m. · 10 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 5.4 · AI score 5.4 · EPSS 0.00639
Exploits 0 · References 1
OSV · added 2025/02/05 11:27 p.m. · 6 views

GO-2025-3455 Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast

Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast...

AI score 7.2
Exploits 0 · References 1
OSV · added 2025/02/05 9:30 p.m. · 1 view

GHSA-VQV5-385R-2HF8 Contrast's unauthenticated recovery allows Coordinator impersonation

Impact Recovering coordinators do not verify the seed provided by the recovering party. This allows an attacker to set up a coordinator with a manifest that passes validation, but with a secret seed controlled by the attacker. If network traffic is redirected from the legitimate coordinator to th...

CVSS 7.1 · AI score 7
Exploits 0 · References 3
OSSF Malicious Packages · added 2025/01/20 7:37 a.m. · 5 views

Malicious code in contrast-local-scan-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 652706a3541c937da40c2dbeb200974a14635810d37d52b07ae884e52530c6c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 3
OSV · added 2025/01/20 7:37 a.m. · 7 views

MAL-2025-175 Malicious code in contrast-local-scan-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 652706a3541c937da40c2dbeb200974a14635810d37d52b07ae884e52530c6c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3
OSV · added 2024/08/29 11:15 a.m. · 3 views

CVE-2024-5987

The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...

CVSS 4.3 · AI score 5.8 · EPSS 0.00264
Exploits 0 · References 2
Positive Technologies · added 2024/08/28 12:00 a.m. · 9 views

PT-2024-37295 · WordPress · Wp Accessibility Helper

Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...

CVSS 5.4 · AI score 6.4 · EPSS 0.00264
Exploits 0 · References 8
The Hacker News · added 2022/12/01 11:44 a.m. · 59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...

CVSS 9.8 · AI score 1.3 · EPSS 0.32516
Exploits 0
Github Security Blog · added 2022/10/19 7:00 p.m. · 33 views

Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin

Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 5.4 · AI score 5.4 · EPSS 0.00639
Exploits 0 · References 5 · Affected Software 1
OSV · added 2022/10/19 7:00 p.m. · 28 views

GHSA-HVCR-927W-QCVQ Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin

Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 7.5 · AI score 5.3 · EPSS 0.00639
Exploits 0 · References 5
NVD · added 2022/10/19 4:15 p.m. · 27 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 5.4 · EPSS 0.00639
Exploits 0 · References 2
OSV · added 2022/10/19 4:15 p.m. · 14 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 2
Prion · added 2022/10/19 4:15 p.m. · 15 views

Cross site scripting

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 4.9 · AI score 5.3 · EPSS 0.00639
Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2022/10/19 12:00 a.m. · 7 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

AI score 5.2 · EPSS 0.00639
Exploits 0 · References 2
CVE · added 2022/10/19 12:00 a.m. · 73 views

CVE-2022-43420

CVE-2022-43420 : Jenkins Contrast Continuous Application Security Plugin (versions 3.9 and earlier) contains a stored XSS vulnerability caused by not escaping data returned from the Contrast service when generating a report. Exploitation requires an attacker who can control or modify the Contrast...

CVSS 5.4 · AI score 5.2 · EPSS 0.00639
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2022/10/19 12:00 a.m. · 6 views

PT-2022-26905 · Jenkins · Jenkins Contrast Continuous Application Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Contrast Continuous Application Security Plugin versions 3.9 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not escape data returned from the Contras...

CVSS 7.5 · AI score 5.1 · EPSS 0.00639
Exploits 0 · References 9
Cvelist · added 2022/10/19 12:00 a.m. · 24 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

AI score 5.4 · EPSS 0.00639
Exploits 0 · References 2
CNNVD · added 2022/10/19 12:00 a.m. · 5 views

Jenkins Contrast Continuous Application Security Plugin cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...

CVSS 5.4 · AI score 5.5 · EPSS 0.00639
Exploits 0 · References 5
AlpineLinux · added 2022/10/19 12:00 a.m. · 40 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

CVSS 5.4 · AI score 3 · EPSS 0.00639
Exploits 0 · References 2