SUSE CVE-2010-3297
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call...
U.S. Dept Of Defense: Open Akamai ARL XSS on http://master-config-████████
The Open Akamai ARL on http://master-config-████████ was found to be vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered in the "what" and "where" parameters of the search functionality. The vulnerability allowed the execution of arbitrary JavaScript...
PT-2019-11729 · Jenkins · Jenkins Influxdb Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins InfluxDB Plugin versions 1.21 and earlier. Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master. This allows users with access to the master file...
PT-2019-11379 · Jenkins · Jenkins Upload To Pgyer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Upload to pgyer Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users who...
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file...
CVE-2016-2142
Red Hat OpenShift Enterprise 3.1 is affected by CVE-2016-2142. The issue arises from world-readable permissions on the /etc/origin/master/master-config.yaml file, allowing local users to read Active Directory credentials stored there. The vulnerability is a local-privilege/read-credential disclos...