GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24452
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...
PT-2023-19067 · Blue Coat · Bluecat Device Registration Portal
Name of the Vulnerable Software and Affected Versions: BlueCat Device Registration Portal version 2.2 Description: The issue allows XXE attacks that can exfiltrate single-line files, potentially containing credentials, such as those found in .netrc files. For example, a single-line file might...
PT-2022-6667 · Cisco · Cisco Secure Workload
Name of the Vulnerable Software and Affected Versions: Cisco Secure Workload affected versions not specified Description: A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should...
PT-2022-25764 · Jenkins · Jenkins Scm Httpclient Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs, capturing credentia...
PT-2022-4042 · Compuware +1 · Jenkins Compuware Topaz Utilities Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Topaz Utilities Plugin versions 1.0.8 and earlier Description: The issue is related to a missing permission check in the Jenkins Compuware Topaz Utilities Plugin, which can be exploited by attackers with Overall/Read...
Jenkins Plugin Deployment Dashboard cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both open source products of Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Deployment Dashboard Plugin versio...
Devolutions Remote Desktop Manager security vulnerability
Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager versions prior to 2022.1.8 that stems from an information disclosure vulnerability in My Account...
GHSA-5HVR-3FCR-WX8C Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials...
Jenkins Publish Over FTP Plugin access control error vulnerability
Jenkins and Jenkins Plugin are both open source products of Jenkins. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Publish Over FTP Plugin 1.16 an...
ZOHO ManageEngine Remote Access Plus security vulnerability
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An information disclosure vulnerability exists in ZOHO ManageEngine Remote Access Plus Server prior to version 10.1.2132.6, which stems from improper privilege management; the process will start as a...
dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails
A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to...
Moxa MXview Network Management Software path traversal vulnerability
Moxa MXview is a network management software used to monitor and diagnose industrial networks. A security vulnerability exists in Moxa MXview. An attacker could exploit the vulnerability to obtain credentials...
CVE-2021-21584
Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials...
Jenkins authorization issue vulnerability
Jenkins is an open source application from Jenkins. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has an authorization issue vulnerability that stems from incorrect privilege checking ...
USN-4980-1 policykit-1 vulnerability
Kevin Backhouse discovered that polkit incorrectly handled errors in the polkit_system_bus_name_get_creds_sync function. A local attacker could possibly use this issue to escalate privileges...
PT-2021-14657 · Jenkins · Jenkins Bumblebee Hp Alm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bumblebee HP ALM Plugin versions 4.1.5 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins controller. Specifically, the credentials are...
PT-2020-16890 · Sonarsource · Sonarqube
Name of the Vulnerable Software and Affected Versions: SonarQube version 8.4.2.36762 Description: The issue allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the "api/settings/values" URI. The vendor's position is that it is the administrator's responsibility to...
RangeeOS Credentials Plaintext Storage Vulnerability
RangeeOS is a Linux operating system designed and developed specifically for thin clients, including all necessary software modules. A credentials plaintext storage vulnerability exists in multiple modules in RangeeOS 8.0.4. A local attacker with access to the underlying operating system could...
PT-2020-15371 · Jenkins +1 · Jenkins Zephyr For Jira Test Management Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr for JIRA Test Management Plugin versions 1.5 and earlier Description: The issue concerns the storage of credentials in plain text in a global configuration file on the Jenkins master file system. Specifically, the Zephyr for JI...