
3661 matches found

NVD
added 2022/02/01 12:15 p.m. | 8 views

CVE-2022-23597

Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...

CVSS 8.8 | EPSS 0.01468
Exploits: 0 | References: 2
CVE
added 2022/02/01 11:49 a.m. | 134 views

CVE-2022-23597

Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...

CVSS 8.8 | AI score 8.8 | EPSS 0.01468
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2022/01/24 6:5 p.m. | 24 views

CVE-2022-20615

A stored cross-site scripting (XSS) vulnerability was found in the Jenkins Matrix Project plugin. HTML metacharacters in node names, label names, and label descriptions are not escaped, which allows an attacker with Agent/Configure permissions to perform an XSS attack...

CVSS 5.4 | AI score 2.8 | EPSS 0.81842
Exploits: 0 | References: 4
OSV
added 2022/01/21 5:0 p.m. | 4 views

USN-5248-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions,...

CVSS 10 | AI score 7.2 | EPSS 0.0383
Exploits: 8 | References: 45
CNVD
added 2022/01/16 12:0 a.m. | 23 views

Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability

Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin in version 1.19 and earlier, which stems...

CVSS 5.4 | AI score 5.5 | EPSS 0.81842
Exploits: 0 | References: 1
vulnersOsv
added 2022/01/13 12:1 a.m. | 5 views

com.groupon.jenkins-ci.plugins:DotCi (>=1.1.1 <=2.36.2), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +10 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (=1.2)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:matrix-project and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi =1.1.1, =1.0.0, =1.0.1, =1.1.3, =1.1.0, =1.0.0,...

CVSS 5.4 | AI score 6.6 | EPSS 0.81842
Exploits: 0
vulnersOsv
added 2022/01/13 12:1 a.m. | 7 views

aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +34 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (>=1.0 <=1.18)

org.jenkins-ci.plugins:matrix-project MAVEN version =1.0, =1.9.2-beta, =0.5, =1.28, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =2021.12.0, =1.0, =1.4.2, =0.34, =1.561, =1.599 and more Source cves: CVE-2022-20615 Source advisory: OSV:GHSA-VQWG-4V6F-H6X5...

CVSS 5.4 | AI score 6.6 | EPSS 0.81842
Exploits: 0
Github Security Blog
added 2022/01/13 12:1 a.m. | 25 views

Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

CVSS 5.4 | AI score 5.2 | EPSS 0.81842
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/01/13 12:1 a.m. | 1 views

GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

CVSS 5.4 | AI score 7.2 | EPSS 0.81842
Exploits: 0 | References: 7
Tenable Nessus
added 2022/01/13 12:0 a.m. | 27 views

openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2022:0058-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0058-1 advisory. - When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer...

CVSS 9.8 | AI score 8.1 | EPSS 0.01921
Exploits: 0 | References: 7
NVD
added 2022/01/12 8:15 p.m. | 18 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4 | EPSS 0.81842
Exploits: 0 | References: 3
ATTACKERKB
added 2022/01/12 8:15 p.m. | 5 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4 | AI score 6.5 | EPSS 0.81842
Exploits: 0 | References: 4
OSV
added 2022/01/12 8:15 p.m. | 18 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 5.4 | AI score 5.2
Exploits: 0 | References: 3
Prion
added 2022/01/12 8:15 p.m. | 15 views

Cross site scripting

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

CVSS 3.5 | AI score 5.3 | EPSS 0.81842
Exploits: 0 | References: 3 | Affected Software: 2
CVE
added 2022/01/12 7:5 p.m. | 249 views

CVE-2022-20615

CVE-2022-20615 affects Jenkins Matrix Project Plugin (1.19 and earlier). It arises because HTML metacharacters in node/label names and label descriptions aren’t escaped, causing a stored XSS vulnerability exploitable by users with Agent/Configure permission. Remediation per the connected advisori...

CVSS 5.4 | AI score 5.2 | EPSS 0.81842
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2022/01/12 12:0 a.m. | 3 views

PT-2022-14824 · Jenkins · Jenkins Matrix Project Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.19 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape HTML metacharacters in node and label names, and label...

CVSS 5.4 | AI score 5.3 | EPSS 0.81842
Exploits: 0 | References: 12
CNNVD
added 2022/01/12 12:0 a.m. | 6 views

Jenkins Plugin Cross-Site Scripting Vulnerability

Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin in version 1.19 and earlier, which stems...

CVSS 5.4 | AI score 5.7 | EPSS 0.81842
Exploits: 0 | References: 9
OpenVAS
added 2022/01/07 12:0 a.m. | 8 views

Fedora: Security Advisory for quaternion (FEDORA-2021-e1572c9b84)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
OpenVAS
added 2022/01/07 12:0 a.m. | 10 views

Fedora: Security Advisory for quaternion (FEDORA-2021-17a9cdcf98)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2
Rapid7 Blog
added 2022/01/06 8:41 p.m. | 203 views

What's New in InsightIDR: Q4 2021 in Review

More context and customization around detections and investigations, expanded dashboard capabilities, and more. This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response (XDR) solution, from Q4 2021. Over the past quarter, we delivered updates ...

CVSS 9.3 | AI score 0.1 | EPSS 0.99999
Exploits: 347