CVE-2020-26891
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...
CVE-2020-26891
CVE-2020-26891 affects Matrix Synapse prior to version 1.21.0. The vulnerability is an XSS flaw in AuthRestServlet caused by unsafe interpolation of the session GET parameter, which could allow an attacker to craft a malicious URL that triggers script execution on the Synapse-hosted domain via en...
FreeBSD : py-matrix-synapse -- XSS vulnerability (5f39d80f-107c-11eb-8b47-641c67a117d8)
Matrix developers report: The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-temp-mail-checker (>=0.1.2 <=0.1.5) +6 more potentially affected by CVE-2020-26891 via matrix-synapse (>=0.33.9 <=1.153.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2020-26891 Source advisory: OSV:GHSA-3X8C-FMPC-5RMQ...
SUSE-SU-2020:2861-1 Security update for java-1_7_0-openjdk
This update for java-1_7_0-openjdk fixes the following issues: - java-1_7_0-openjdk was updated to 2.6.23 (July 2020 CPU, bsc#1174157) - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equalsDerValue - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in ...
py-matrix-synapse -- XSS vulnerability
Matrix developers report: The fallback authentication endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities,...
FreeBSD : py-matrix-synapse -- malformed events may prevent users from joining federated rooms (2327234d-fc4b-11ea-adef-641c67a117d8)
Affected Synapse versions assume that all events have an 'origin' field set. If an event without the 'origin' field is sent into a federated room, servers not already joined to the room will be unable to do so due to failing to fetch the malformed event. Impact : An attacker could cause a denial ...
Rakkess - Kubectl Plugin To Show An Access Matrix For K8S Server Resources
Review Access - kubectl plugin to show an access matrix for server resources Intro Have you ever wondered what access rights you have on a provided kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
An update for jenkins, jenkins-2-plugins, openshift-ansible, and python-rsa is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
Matrix::new() drops uninitialized memory
Matrix::new internally calls Matrix::fill_with, which uses the `*ptr = value` pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of an uninitialized struct...
RUSTSEC-2020-0033 Matrix::new() drops uninitialized memory
Matrix::new internally calls Matrix::fill_with, which uses the `*ptr = value` pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of an uninitialized struct...
Cross-site Scripting (XSS)
jenkins-2-plugins/matrix-auth is vulnerable to cross-site scripting XSS. The vulnerability exists in the Matrix Authorization Strategy Plugin...