88 matches found
CVE-2022-34178
CVE-2022-34178 affects Jenkins’ Embeddable Build Status Plugin (version 2.0.3). The vulnerability is a reflected XSS caused by accepting an unrestricted link query parameter in the badge URL, which can be reflected in the UI. The issue is addressed in the fixed release 2.0.4, which limits URLs to...
Jenkins Plugin Embeddable Build Status security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that is vulnerable to an authorization issue in Jenkins Embeddable Build Status Plugin 2.0.3 and earlier, which stems from an inability to properly perform a ViewStatus...
Malicious code in redtail-embeddable-ringcentral-phone (npm)
Source: ghsa-malware 37e5c999eca221f2f5469510f6d07da2dbc50c0975f465433eaa4eaccbc506c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5725 Malicious code in redtail-embeddable-ringcentral-phone (npm)
Source: ghsa-malware 37e5c999eca221f2f5469510f6d07da2dbc50c0975f465433eaa4eaccbc506c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5341 Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)
Source: ghsa-malware 6bc150e5ccb4209c706e7a4df2edfb54c9bbe1fc826a89a7bc5f011fe54676a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pipedrive-embeddable-ringcentral-phone-spa (npm)
Source: ghsa-malware 6bc150e5ccb4209c706e7a4df2edfb54c9bbe1fc826a89a7bc5f011fe54676a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5340 Malicious code in pipedrive-embeddable-engage-phone (npm)
Source: ghsa-malware 0d86a390ab51c1f55c23ea94dbf9a4faf91454d565be06c287514428ec0a36de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pipedrive-embeddable-engage-phone (npm)
Source: ghsa-malware 0d86a390ab51c1f55c23ea94dbf9a4faf91454d565be06c287514428ec0a36de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5801 Malicious code in ringcentral-embeddable (npm)
Source: ghsa-malware d2303a28c76ef17d4e75fba07bfd2babea89fc6b920625a97497ea3d58bea689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ringcentral-embeddable (npm)
Source: ghsa-malware d2303a28c76ef17d4e75fba07bfd2babea89fc6b920625a97497ea3d58bea689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in engage-voice-embeddable (npm)
Source: ghsa-malware 3893913d5991d5888f072fb5bbf309b8b7010adaaa82fc42e345e155e3176c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2743 Malicious code in engage-voice-embeddable (npm)
Source: ghsa-malware 3893913d5991d5888f072fb5bbf309b8b7010adaaa82fc42e345e155e3176c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ringcentral-embeddable-voice-app (npm)
Source: ghsa-malware e26708790bea350630a42eef22ba9983932628c0a5bd1b2dbf0f4e9918a03e38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ringcentral-embeddable-rcv-demo (npm)
Source: ghsa-malware da68955a1904398fe86c055d6519637d9cfc03bd537939c4de96ff3492b6bd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5803 Malicious code in ringcentral-embeddable-rcv-demo (npm)
Source: ghsa-malware da68955a1904398fe86c055d6519637d9cfc03bd537939c4de96ff3492b6bd3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ringcentral-embeddable-rcv (npm)
Source: ghsa-malware e04948ff03ec62315dd0e3d33e3e94e2a7746f28be0f3f60bfec43ab1017be41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5802 Malicious code in ringcentral-embeddable-rcv (npm)
Source: ghsa-malware e04948ff03ec62315dd0e3d33e3e94e2a7746f28be0f3f60bfec43ab1017be41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-94RJ-C4JJ-V476 Jenkins Embeddable Build Status Plugin contains Cross-site Scripting
A reflected cross-site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin...
GHSA-7RPJ-HG47-CX62 Improper Restriction of XML External Entity Reference in com.h2database:h2.
H2 is an embeddable RDBMS written in Java. Versions of the package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML method. If it...
Install Python for Windows
This module places an embeddable Python3 distribution onto the target file system, granting pentesters access to a lightweight Python interpreter. This module does not require administrative privileges or user interaction with installation prompts. This module requires Metasploit:...