111 matches found
Token stored in plain text by DigitalOcean Plugin
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...
com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2058 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)
org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2058 Source advisory: OSV:GHSA-7FPG-PP3M-H22F...
com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2062 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)
org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2062 Source advisory: OSV:GHSA-VXC6-WVH8-FPXW...
com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2066 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)
org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2066 Source advisory: OSV:GHSA-8JFX-H6Q2-V4G3...
GHSA-G892-9H8M-R69R Libcloud does not properly scrub data when destroying a DigitalOcean node
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
Libcloud does not properly scrub data when destroying a DigitalOcean node
Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
Fedora: Security Advisory for doctl (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: doctl-1.73.0-2.fc36
The official command line interface for the DigitalOcean API...
Fedora: Security Advisory for doctl (FEDORA-2022-3a63897745)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: doctl-1.73.0-2.fc35
The official command line interface for the DigitalOcean API...
FULL read SSRF
Description there is two bypass method for previous fixes of SSRF in gogs The first is to utilize SSRF attack with a DNS rebinding feature. The second is to use redirection to a localhost URL. Proof of Concept 1- go to the webhooks section and create a gogs webhook. 2- enter an URL that redirects...
WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more...
WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin <= 4.2.37 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more plugin versions = 4.2.37. Solution Update the WordPress Media Cloud for Amazon S3, Imgix, Google Cloud Storage,...
Exploit for Authentication Bypass by Spoofing in Zabbix
Zabbix SSO Auth Bypass CVE-2022-23131 usage: zabbixsessi...
Terraguard - Create And Destroy Your Own VPN Service Using WireGuard
This project's goal is to be simple to create and destroy your own VPN service using WireGuard. Prerequisites Terraform = 1.0.0 Ansible = 2.10.5 How to Deploy Terraform Run with sudo is necessary because we need permission on localhost to install packages, configure a network interface and start ...
Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)
The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response MDR team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...
Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers
Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...
Metasploit Wrap-Up
Hacktoberfest 2020 is happening Metasploit is proud to announce that we're participating in Hacktoberfest 2020. Presented by DigitalOcean, Intel, and DEV, Hacktoberfest is an annual celebration of open-source software during the month of October. The first 70,000 participants to submit 4 pull...
DigitalOcean suffers data breach after leaving internal document online
By Deeba Ahmed DigitalOcean has millions of customers worldwide. Here's what happened... This is a post from HackRead.com Read the original post: DigitalOcean suffers data breach after leaving internal document online...
DigitalOcean Data Leak Incident Exposed Some of Its Customers Data
DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has started warning...