530 matches found

Prion
added 2019/09/25 4:15 p.m. · 16 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

CVSS 4.3 · AI score 4.5 · EPSS 0.00606
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/09/25 3:5 p.m. · 60 views

CVE-2019-10408

The CVE refers to Jenkins Project Inheritance Plugin (2.0.0 and earlier) with a CSRF vulnerability caused by a missing permission check in the HTTP endpoint that triggers project creation from templates. This allowed users, potentially with limited access, to trigger project generation without pr...

CVSS 4.3 · AI score 4.5 · EPSS 0.00606
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/09/25 3:5 p.m. · 49 views

CVE-2019-10407

CVE-2019-10407 affects Jenkins Project Inheritance Plugin (versions 2.0.0 and earlier; also referenced as 19.08.02 and earlier in extended advisories). The vulnerability stems from the plugin displaying a list of environment variables passed to a build without masking sensitive variables contribu...

CVSS 6.5 · AI score 6.3 · EPSS 0.01186
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/09/25 3:5 p.m. · 23 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

AI score 6.4 · EPSS 0.01186
Exploits 0 · References 2

Cvelist
added 2019/09/25 3:5 p.m. · 26 views

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

AI score 4.5 · EPSS 0.00606
Exploits 0 · References 2

Cvelist
added 2019/09/25 3:5 p.m. · 27 views

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

AI score 4.4 · EPSS 0.00615
Exploits 0 · References 2

CVE
added 2019/09/25 3:5 p.m. · 55 views

CVE-2019-10409

The CVE concerns Jenkins Project Inheritance Plugin, affecting 2.0.0 and earlier. Root cause: missing permission check allows users with Overall/Read to trigger project generation from templates. Impact: unauthorized project creation without elevated privileges. Exploitation status is not detaile...

CVSS 4.3 · AI score 4.4 · EPSS 0.00615
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2019/09/25 3:5 p.m. · 35 views

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

CVSS 4.3 · AI score 4.8 · EPSS 0.00615
Exploits 0 · References 2

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11801 · Jenkins · Jenkins Project Inheritance Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 2.0.0 and earlier; Jenkins Project Inheritance Plugin versions 19.08.02 and earlier. Description: The issue concerns the display of environment variables passed to a build without properly masking...

CVSS 6.5 · AI score 6.2 · EPSS 0.01186
Exploits 0 · References 4

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11803 · Jenkins · Jenkins Project Inheritance Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 2.0.0 and earlier; Jenkins Project Inheritance Plugin versions 19.08.01 and earlier. Description: A missing permission check in the Jenkins Project Inheritance Plugin allowed attackers with Overall/Re...

CVSS 4.3 · AI score 4.3 · EPSS 0.00615
Exploits 0 · References 4

Tenable Nessus
added 2019/08/12 12:0 a.m. · 38 views

NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0098)

The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have...

CVSS 7.8 · AI score 6.8 · EPSS 0.01372
Exploits 5 · References 5

Microsoft KB
added 2019/07/09 7:0 a.m. · 152 views

Description of the security update for SharePoint Server 2019: July 9, 2019

Summary: This security update resolves an Authentication Bypass vulnerability that allows SAML tokens to be signed by using arbitrary symmetric keys in Windows Communication Foundation (WCF) and Windows Identity Foundation...

CVSS 7.5 · AI score 7.4 · EPSS 0.06024
Exploits 0

UbuntuCve
added 2019/06/04 9:29 p.m. · 22 views

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 · AI score 6.8 · EPSS 0.0187
Exploits 1 · References 3

OSV
added 2019/06/04 9:29 p.m. · 0 views

UBUNTU-CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

CVSS 8.1 · AI score 6.8 · EPSS 0.0187
Exploits 1 · References 4

Cvelist
added 2019/06/04 8:28 p.m. · 18 views

CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

AI score 7.7 · EPSS 0.0187
Exploits 1 · References 5

NVD
added 2019/05/23 8:29 p.m. · 14 views

CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...

CVSS 6.5 · AI score 6.6 · EPSS 0.01499
Exploits 0 · References 3

OSV
added 2019/05/23 8:29 p.m. · 1 views

DEBIAN-CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...

CVSS 6.5 · AI score 6.9 · EPSS 0.01499
Exploits 0 · References 1

OSV
added 2019/05/23 8:29 p.m. · 1 views

UBUNTU-CVE-2019-5799

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...

CVSS 6.5 · AI score 7 · EPSS 0.01499
Exploits 0 · References 3

Tenable Nessus
added 2019/05/13 12:0 a.m. · 42 views

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of...

CVSS 7.8 · AI score 6.9 · EPSS 0.04881
Exploits 7 · References 11

RedHat Linux
added 2019/04/08 7:48 a.m. · 3 views

chromium-browser: CSP bypass with blob URL

Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page...

CVSS 6.5 · AI score 7.4 · EPSS 0.01499
Exploits 0 · References 5