530 matches found
UBUNTU-CVE-2020-13308
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance...
CVE-2020-13308
Removed by vendor...
PT-2020-13449 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A vulnerability was discovered that could prohibit a user without 2 factor authentication enabled from accessing GitLab if they are...
CloudBees Jenkins Project Inheritance Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...
Unspecified Vulnerability in CloudBees Jenkins Project Inheritance Plugin (CNVD-2020-33746)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
CVE-2020-2197
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
CVE-2020-2197
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
Code injection
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
Format string
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
CVE-2020-2197
The vulnerability concerns the Jenkins Project Inheritance Plugin, affecting versions 21.04.03 and earlier (and specifically noted for 19.08.02 and earlier). Affected functionality via the API endpoint /job/…/getConfigAsXML does not enforce Job/ExtendedRead permission, allowing users with only Jo...
CVE-2020-2198
The CVE-2020-2198 issue affects the Jenkins Project Inheritance Plugin where encrypted secrets in a job’s config.xml are not redacted by the getConfigAsXML API when accessed by users without Job/Configure permissions. Multiple sources indicate this affects older plugin versions (e.g., 19.08.02 an...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
CVE-2020-2197
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...
PT-2020-15411 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier Jenkins Project Inheritance Plugin version 19.08.02 and earlier Description: The issue allows access to Inheritance Project job configurations in XML format without requiring th...
GitLab: Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities
I was digging through the gitlab-foss repository and noticed an interested pattern that seems to be adopted in a few places: the use of Forwardable with meta-programming over delegators, explicit attrreader methods or methodmissing. Heads up: the arbitrary file read vulnerability I demonstrate in...
UBUNTU-CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
The vulnerability of the inheritance mechanism for Firefox’s security policy allows a perpetrator to gain unauthorized access to confidential data and compromise the integrity of those data.
The vulnerability of the Firefox browser’s security inheritance mechanism is related to the lack of measures to protect the structure of web pages. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to confidential data and compromise data integrity...