GHSA-H5F8-CRRQ-4PW8 Contrast workload secrets leak to logs on INFO level
Impact When the Contrast initializer is configured with a CONTRASTLOGLEVEL of info or debug, the workload secret is logged to stderr and written to Kubernetes logs. Since info is the default setting, this affects all Contrast installations that don't customize their initializers' log level. The...
CVE-2022-43420
Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...
GO-2025-3455 Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast
Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast...
GHSA-VQV5-385R-2HF8 Contrast's unauthenticated recovery allows Coordinator impersonation
Impact Recovering coordinators do not verify the seed provided by the recovering party. This allows an attacker to set up a coordinator with a manifest that passes validation, but with a secret seed controlled by the attacker. If network traffic is redirected from the legitimate coordinator to th...
Malicious code in contrast-local-scan-action (npm)
Source: ghsa-malware 652706a3541c937da40c2dbeb200974a14635810d37d52b07ae884e52530c6c2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-175 Malicious code in contrast-local-scan-action (npm)
Source: ghsa-malware 652706a3541c937da40c2dbeb200974a14635810d37d52b07ae884e52530c6c2. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-5987
The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...
PT-2024-37295 · WordPress · Wp Accessibility Helper
Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...
GHSA-HVCR-927W-QCVQ Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...
Cross-site scripting
Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...
CVE-2022-43420
CVE-2022-43420 : Jenkins Contrast Continuous Application Security Plugin (versions 3.9 and earlier) contains a stored XSS vulnerability caused by not escaping data returned from the Contrast service when generating a report. Exploitation requires an attacker who can control or modify the Contrast...
PT-2022-26905 · Jenkins · Jenkins Contrast Continuous Application Security Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Contrast Continuous Application Security Plugin versions 3.9 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape data returned from the Contras...
Jenkins Contrast Continuous Application Security Plugin cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...