Lucene search
K

58 matches found

Vulnrichment
Vulnrichment
added 2025/07/17 10:13 a.m.4 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS7.1AI score0.0089EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/17 12:0 a.m.4 views

Grafana 安全漏洞

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana that stems from inadequate protecti...

4.3CVSS6.2AI score0.0089EPSS
Exploits0References2
Grafana
Grafana
added 2025/07/17 12:0 a.m.10 views

Grafana Alerting DingDing Integration URL Exposed to Viewers

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS6.3AI score0.0089EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/06/24 11:25 p.m.2 views

SUSE CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS6.9AI score0.0089EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/06/19 12:0 a.m.8 views

FreeBSD : Grafana -- DingDing contact points exposed in Grafana Alerting (6548cb01-4c33-11f0-8a97-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6548cb01-4c33-11f0-8a97-6c3be5272acd advisory. Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertentl...

4.3CVSS5.6AI score0.0089EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.6 views

PT-2025-25459

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description A medium-severity flaw in Grafana Alerting exposes sensitive DingDing contact point URLs to viewers. This issue may lead to data exposure. Recommendations Update to a patched version to resol...

8.6CVSS6.9AI score0.03711EPSS
Exploits1References219
RedhatCVE
RedhatCVE
added 2025/05/23 4:29 a.m.8 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.6AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:41 a.m.8 views

CVE-2019-10433

Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS6.7AI score0.00409EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/14 9:31 p.m.1 views

Improper Input Validation

Overview io.jenkins.plugins:dingding-notifications is a Dingtalk for jenkins. Affected versions of this package are vulnerable to Improper Input Validation due to the unconditional disabling of SSL/TLS certificate and hostname validation for connections. An attacker can intercept and manipulate...

6CVSS6.9AI score0.00199EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/04/05 12:0 a.m.7 views

Grafana -- DingDing contact points exposed in Grafana Alerting

Grafana Labs reports: An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a setting oversight, which we learned about through a bug bounty report. The CVSS 3.0 score for this vulnerability is 4.3 Medium...

4.3CVSS7.1AI score0.0089EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 6:31 p.m.17 views

GHSA-WJR6-V4C7-8CV6 Tokens stored in plain text by Dingding JSON Pusher Plugin

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS4.8AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2023/12/13 6:31 p.m.22 views

GHSA-Q5CJ-XF99-79M8 Displayed in plain text by Dingding JSON Pusher Plugin

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS4.8AI score0.00347EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/12/13 6:31 p.m.32 views

Tokens stored in plain text by Dingding JSON Pusher Plugin

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS6.9AI score0.00347EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/12/13 6:15 p.m.24 views

CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2023/12/13 6:15 p.m.34 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS0.00347EPSS
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.17 views

CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4.3CVSS4.6AI score
Exploits0References2
OSV
OSV
added 2023/12/13 6:15 p.m.24 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS4.6AI score
Exploits0References2
Prion
Prion
added 2023/12/13 6:15 p.m.26 views

Design/Logic Flaw

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4CVSS6.9AI score0.00347EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/13 6:15 p.m.17 views

Design/Logic Flaw

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

4CVSS7AI score0.00347EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/12/13 5:30 p.m.44 views

CVE-2023-50773

CVE-2023-50773 affects Jenkins Dingding JSON Pusher Plugin 2.0 and earlier. The vulnerability arises because the plugin stores access tokens unencrypted in job config.xml (CVE-2023-50772) and does not mask access tokens displayed on the job configuration form (CVE-2023-50773). This can allow atta...

4.3CVSS4.5AI score0.00347EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder