63 matches found
META-INF Kft. Email This Issue 安全漏洞
META-INF Kft. Email This Issue is an advanced email management plugin for Jira from Hungarian company META-INF Kft. A security vulnerability exists in versions prior to META-INF Kft. Email This Issue 9.13.0-GA, which stems from the injection of a specially crafted payload into the recipient field...
CVE-2022-45129
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
[SECURITY] Fedora 40 Update: sisu-mojos-0.9.0~M2-4.fc40
The Sisu Plugin for Maven provides mojos to generate META-INF/sisu/javax.inject.Named index files for the Sisu container...
Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
CVE-2022-45129
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
Code injection
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
Payara Server 路径遍历漏洞
Payara Server is a cloud-native, innovative open source middleware platform from Payara UK. A security vulnerability exists in versions of Payara prior to 2022-11-04. This vulnerability allows an attacker to access the META-INF and WEB-INF.The following products and versions are affected: Payara...
CVE-2022-45129
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
CVE-2022-45129
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
GHSA-2C65-RQ62-FQHQ Path traversal in Gitblit
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
CVE-2022-31268
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
Path traversal
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ e.g., followed by a WEB-INF or META-INF pathname...
GHSA-X6JW-2F23-MC5J Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitiv...
CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check...
Crowd 安全漏洞
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other features for multi-user, web applications and directory servers. A security vulnerability exists in Crowd before version 4.0.4, and from version 4.1.0 before...
Atlassian Jira Server and Jira Data Center Path Traversal Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian Jira Server and Jira Data Center are...
CVE-2020-29453
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access che...
CVE-2020-29448
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...
Path traversal
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect...