
530 matches found

Github Security Blog
added 2022/05/24 5:19 p.m. | 23 views

Missing permission check in Jenkins Project Inheritance Plugin

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

CVSS 6.5 | AI score 6.1 | EPSS 0.00047
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/24 5:19 p.m. | 16 views

GHSA-HJ32-9MCW-5CWH Missing permission check in Jenkins Project Inheritance Plugin

Jenkins limits access to job configuration XML data config.xml to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…​/getConfigAsXML for its Inheritance Project job typ...

CVSS 4.3 | AI score 4.5 | EPSS 0.00031
Exploits 0 | References 4
Github Security Blog
added 2022/05/24 4:56 p.m. | 23 views

Missing permission check in Jenkins Project Inheritance Plugin

A missing permission check in Jenkins Project Inheritance Plugin 19.08.01 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVSS 4.3 | AI score 6.6 | EPSS 0.00031
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/24 4:56 p.m. | 21 views

Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery

Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...

CVSS 4.3 | AI score 0.4 | EPSS 0.00528
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/24 4:56 p.m. | 20 views

GHSA-GPMW-H4WQ-4RCH Missing permission check in Jenkins Project Inheritance Plugin

A missing permission check in Jenkins Project Inheritance Plugin 19.08.01 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVSS 4.3 | AI score 4.4 | EPSS 0.00031
Exploits 0 | References 3
OSV
added 2022/05/24 4:56 p.m. | 18 views

GHSA-XC7Q-P3F4-Q389 Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery

Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...

CVSS 4.3 | AI score 4.4 | EPSS 0.00528
Exploits 0 | References 3
CNNVD
added 2022/05/16 12:00 a.m. | 1 view

Apple macOS Monterey Permission Granting and Access Control Issue Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey versions 12.0 21A344 - 12.3.1 21E258 suffer from a Permission Granting and Access Control Issue vulnerability that stems from a plug-in that may be able to inherit...

CVSS 9.1 | AI score 8.2 | EPSS 0.00236
Exploits 0 | References 7
RedHat Linux
added 2022/05/05 2:06 p.m. | 3 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00268
Exploits 0 | References 6
RedHat Linux
added 2022/05/05 2:05 p.m. | 3 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00268
Exploits 0 | References 6
RedHat Linux
added 2022/05/05 1:36 p.m. | 2 views

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00268
Exploits 0 | References 6
RedHat Linux
added 2022/05/04 12:11 p.m. | 1 view

Mozilla: Bypassing permission prompt in nested browsing contexts

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00268
Exploits 0 | References 6
UbuntuCve
added 2022/05/04 12:00 a.m. | 35 views

CVE-2022-29909

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVSS 8.8 | AI score 7.2 | EPSS 0.00268
Exploits 0 | References 6
OSV
added 2022/05/04 12:00 a.m. | 0 views

UBUNTU-CVE-2022-29909

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

CVSS 8.8 | AI score 7.3 | EPSS 0.00268
Exploits 0 | References 7
RedhatCVE
added 2022/05/03 8:24 p.m. | 41 views

CVE-2022-29909

The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions...

CVSS 8.8 | AI score 2.4 | EPSS 0.00268
Exploits 0 | References 5
Malwarebytes
added 2022/04/27 12:09 p.m. | 36 views

“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance

We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows: Greetings, I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm worki...

AI score 7
Exploits 0
OSV
added 2022/02/23 7:01 p.m. | 17 views

GSD-2022-1000285 Unsafe default configuration values in Nginx version all version

INFORMATIONAL In Nginx, all versions, a number of unsafe default configuration values exist in the web server that can be attacked via the network, resulting in disclosure of information and loss of availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...

AI score 6.7
Exploits 0 | References 2
OSV
added 2022/02/05 12:00 a.m. | 16 views

GHSA-88G8-F5MF-F5RJ Improper Initialization in OpenZeppelin

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separately from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running, it can never be re-executed. However, an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00517
Exploits 0 | References 5
ATTACKERKB
added 2022/02/04 12:15 p.m. | 2 views

CVE-2021-46320

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separately from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running, it can never be re-executed. However, an...

CVSS 7.5 | AI score 7.2 | EPSS 0.00517
Exploits 0 | References 2
CNNVD
added 2022/02/04 12:00 a.m. | 4 views

OpenZeppelin Security Vulnerability

OpenZeppelin is a software application, a standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin <=v4.4.0 that stems from initializer functions that are called separately from contract creation (the most notable example being minimal proxies) and can be re-enter...

CVSS 7.5 | AI score 7.3 | EPSS 0.00517
Exploits 0 | References 2
OSV
added 2022/01/11 7:15 p.m. | 2 views

CVE-2021-43055

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected...

CVSS 8.8 | AI score 7.3
Exploits 0 | References 2