RHCOS 4 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. - golang: data race in certain net/http servers including ReverseProxy can lead to DoS CVE-2020-15586 - golang: ReadUvarint and...

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

PT-2023-27397 · Jenkins · Jenkins Config File Provider Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 952.va 544a 6234b 46 and earlier Description: The issue concerns the Jenkins Config File Provider Plugin, where credentials specified in configuration files are not masked when written to the build...

Design/Logic Flaw

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...

CVE-2021-21644

Summary: CVE-2021-21644 affects Jenkins Config File Provider Plugin 3.7.0 and earlier. The vulnerability arises from an HTTP endpoint that does not require POST requests, enabling a CSRF attack to delete configuration files by attacker-specified IDs. The issue is addressed by upgrading to 3.7.1, ...

CVE-2021-21644

A cross-site request forgery CSRF vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID...