Lucene search
K

111 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:8 p.m.45 views

Token stored in plain text by DigitalOcean Plugin

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...

4.3CVSS4.9AI score0.00691EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.4 views

com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2058 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)

org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2058 Source advisory: OSV:GHSA-7FPG-PP3M-H22F...

6.5CVSS5.8AI score0.01844EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.4 views

com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2062 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)

org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2062 Source advisory: OSV:GHSA-VXC6-WVH8-FPXW...

6.5CVSS5.8AI score0.01748EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.10 views

com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2066 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)

org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2066 Source advisory: OSV:GHSA-8JFX-H6Q2-V4G3...

6.8CVSS5.8AI score0.02061EPSS
Exploits0
OSV
OSV
added 2022/05/14 2:54 a.m.16 views

GHSA-G892-9H8M-R69R Libcloud does not properly scrub data when destroying a DigitalOcean node

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

2.1CVSS5.3AI score0.0206EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2022/05/14 2:54 a.m.22 views

Libcloud does not properly scrub data when destroying a DigitalOcean node

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

2.1CVSS5.8AI score0.0206EPSS
Exploits1References12Affected Software1
OpenVAS
OpenVAS
added 2022/05/08 12:0 a.m.16 views

Fedora: Security Advisory for doctl (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS10AI score0.03931EPSS
Exploits0References2
Fedora
Fedora
added 2022/05/07 5:6 a.m.25 views

[SECURITY] Fedora 36 Update: doctl-1.73.0-2.fc36

The official command line interface for the DigitalOcean API...

7.5CVSS2.9AI score0.03931EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/04/29 12:0 a.m.9 views

Fedora: Security Advisory for doctl (FEDORA-2022-3a63897745)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS10AI score0.03931EPSS
Exploits0References2
Fedora
Fedora
added 2022/04/28 5:53 a.m.28 views

[SECURITY] Fedora 35 Update: doctl-1.73.0-2.fc35

The official command line interface for the DigitalOcean API...

7.5CVSS2.9AI score0.03931EPSS
Exploits0
Huntr
Huntr
added 2022/04/06 3:10 p.m.41 views

FULL read SSRF

Description there is two bypass method for previous fixes of SSRF in gogs The first is to utilize SSRF attack with a DNS rebinding feature. The second is to use redirection to a localhost URL. Proof of Concept 1- go to the webhooks section and create a gogs webhook. 2- enter an URL that redirects...

4.3CVSS6.6AI score0.01193EPSS
Exploits1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.22 views

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more...

3.1AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.18 views

WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...

3.7AI score
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2022/02/23 4:34 p.m.743 views

Exploit for Authentication Bypass by Spoofing in Zabbix

Zabbix SSO Auth Bypass CVE-2022-23131 usage: zabbixsessi...

9.8CVSS9.6AI score0.95683EPSS
Exploits9
Kitploit
Kitploit
added 2021/07/24 9:30 p.m.89 views

Terraguard - Create And Destroy Your Own VPN Service Using WireGuard

This project's goal is to be simple to create and destroy your own VPN service using WireGuard. Prerequisites Terraform = 1.0.0 Ansible = 2.10.5 How to Deploy Terraform Run with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start ...

7.4AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2021/03/02 7:53 p.m.1024 views

Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)

The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response MDR team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...

1.6AI score0.99999EPSS
Exploits71
Kitploit
Kitploit
added 2021/02/05 8:30 p.m.113 views

Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers

Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...

7.6AI score
Exploits0References6
Rapid7 Blog
Rapid7 Blog
added 2020/10/16 4:26 p.m.24 views

Metasploit Wrap-Up

Hacktoberfest 2020 is happening Metasploit is proud to announce that we're participating in Hacktoberfest 2020. Presented by DigitalOcean, Intel, and DEV, Hacktoberfest is an annual celebration of open-source software during the month of October. The first 70,000 participants to submit 4 pull...

Exploits0
HackRead
HackRead
added 2020/05/09 2:33 p.m.71 views

DigitalOcean suffers data breach after leaving internal document online

By Deeba Ahmed DigitalOcean has millions of customers worldwide. Here's what happened... This is a post from HackRead.com Read the original post: DigitalOcean suffers data breach after leaving internal document online...

2.4AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/08 8:8 p.m.93 views

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has started warning...

0.9AI score
Exploits0
Rows per page
Query Builder