Lucene search
+L

42 matches found

Github Security Blog
Github Security Blog
added 2023/07/06 9:14 p.m.27 views

Apache InLong Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the autoDeserialize option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pic...

7.5CVSS6.8AI score0.01228EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/05/24 5:20 p.m.24 views

Synapse does not apply enough checks to servers requesting auth events of events in a room

Impact Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorisation events of events in a room. This is necessary so that a homeserver receiving some events can validate that those...

5CVSS5.2AI score0.00635EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2023/05/22 4:15 p.m.20 views

Default credentials

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password with any character or symbol, attackers can easily guess the user's password and access the...

7.5CVSS9.5AI score0.01233EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/22 3:47 p.m.39 views

CVE-2023-31062 Apache InLong: Privilege escalation vulnerability for InLong

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...

9.8AI score0.01289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/22 3:17 p.m.15 views

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.8AI score0.0111EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:30 p.m.3 views

GHSA-W4V5-54P8-M4J5 Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5CVSS6.6AI score0.00821EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:30 p.m.5 views

GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS5.8AI score0.00556EPSS
Exploits0References2
NVD
NVD
added 2023/01/26 9:18 p.m.33 views

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00661EPSS
Exploits0References1
NVD
NVD
added 2023/01/26 9:18 p.m.34 views

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8CVSS8.8AI score0.00556EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.19 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00821EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitHub Pul...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00661EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.9AI score0.00556EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-19594 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

8.8CVSS8.5AI score0.00556EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.9 views

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.7AI score0.00661EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.43 views

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5AI score0.00821EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/14 3:23 a.m.4 views

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000142 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000142...

7.8CVSS6.7AI score0.00376EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/14 3:13 a.m.4 views

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000186 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000186...

6.5CVSS6.4AI score0.00988EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.3 views

Microsoft Visual Studio Code 代码注入漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Visual Studio Code, which stems from a GitHub pull request and a remote code execution vulnerability in the extension in question...

7.8CVSS8.2AI score0.02253EPSS
Exploits0References4
exploitpack
exploitpack
added 2020/03/26 12:0 a.m.106 views

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...

0.1AI score
Exploits0
Rows per page
Query Builder