Lucene search
+L

233 matches found

Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.6 views

CVE-2022-43417

Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

4.5AI score0.00554EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.11 views

PT-2022-26902 · Jenkins · Jenkins Katalon Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.32 and earlier Description: The issue allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturin...

4.3CVSS4.4AI score0.00554EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.6 views

PT-2022-26903 · Jenkins · Jenkins Katalon Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Katalon Plugin versions 1.0.33 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.3CVSS4.5AI score0.00397EPSS
Exploits0References10
OSV
OSV
added 2022/09/21 4:15 p.m.7 views

CVE-2022-41246

A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.8AI score0.00612EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/21 3:46 p.m.4 views

CVE-2022-41254

Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00676EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/21 3:46 p.m.3 views

CVE-2022-41250

A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.4AI score0.00551EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.3 views

PT-2022-25766 · Jenkins · Jenkins Scm Httpclient Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials ID...

6.5CVSS6.3AI score0.00551EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.6 views

Jenkins CONS3RT Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

8.8CVSS7.8AI score0.00485EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-4022 · Jenkins · Jenkins Coverity Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.11.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Coverity Plugin, which can be exploited by attackers with Overall/Read permission to connect to an...

8.1CVSS7.7AI score0.0073EPSS
Exploits0References9
Kitploit
Kitploit
added 2022/07/18 12:30 p.m.49 views

Koh - The Token Stealer

Koh is a C and Beacon Object File BOF toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project no license, as well as KB180548. For why this is possible and Koh's approeach, see t...

7AI score
Exploits0References10
CNVD
CNVD
added 2022/07/04 12:0 a.m.39 views

Jenkins XebiaLabs XL Release Plugin Licensing Issue Vulnerability (CNVD-2022-58430)

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...

4CVSS2.1AI score0.00651EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.5 views

CVE-2022-34781

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS5.9AI score0.00651EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.4 views

PT-2022-22332 · Xebialabs +1 · Jenkins Xebialabs Xl Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Release Plugin versions 22.0.0 and earlier Description: The issue is related to missing permission checks in the Jenkins XebiaLabs XL Release Plugin, allowing attackers with Overall/Read permission to connect to an...

6.5CVSS6.2AI score0.00651EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.5 views

Jenkins XebiaLabs XL Release Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins XebiaLabs XL Release Plugin...

6.5CVSS5.6AI score0.00651EPSS
Exploits0References6
NVD
NVD
added 2022/06/17 2:15 p.m.28 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

5.5CVSS0.0076EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/17 2:15 p.m.2 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

5.5CVSS6.2AI score0.0076EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/06/17 2:15 p.m.49 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

5.5CVSS6.2AI score0.0076EPSS
Exploits0References3
OSV
OSV
added 2022/06/17 1:39 p.m.29 views

CVE-2022-31246

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request e.g., within QR code data. On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...

5.5CVSS6.9AI score0.0076EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2022/06/09 12:8 p.m.42 views

Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector

Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal...

0.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.18 views

Missing permission check in Jenkins Docker Plugin

A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...

6.5CVSS6.7AI score0.01691EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder