3660 matches found
CVE-2020-2225
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2225
Vulnerability summary (CVE-2020-2225): The Jenkins Matrix Project Plugin (versions 1.16 and earlier) does not escape axis names in tooltips on the overview page for builds with multiple axes, enabling a stored XSS vulnerability. Exploitation requires user permissions to configure jobs. The issue...
CVE-2020-2224
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2224
The CVE-2020-2224 issue affects Jenkins Matrix Project Plugin (versions 1.16 and earlier). The root cause is failure to escape node names shown in tooltips on the overview page for builds with a single axis, enabling stored cross-site scripting. Impact is user-visible XSS for users with Agent/Con...
PT-2020-15442 · Jenkins · Jenkins Matrix Authorization Strategy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Authorization Strategy Plugin versions 2.6.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because user names shown in the configuration or permission table are not...
PT-2020-15440 · Jenkins · Jenkins Matrix Project Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.16 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the node names shown in tooltips on the overview page of builds with a single axis are...
PT-2020-15441 · Jenkins · Jenkins Matrix Project Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.16 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the axis names shown in tooltips on the overview page of builds with multiple axes are...
Rocket.Chat: It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.
Description: For the user with "View Private Room" permission only it is possible to rewrite permission role e.g. to admin in /api/v1/me method response via some proxy tools e.g. Charles and get access to servers permissions matrix and view Direct messages. Releases Affected...
FreeBSD : py-matrix-synapse -- multiple vulnerabilities (d9f686f3-fde0-48dc-ab0a-01c2fe3e0529)
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. - A malicious homeserver could force Synapse to reset the state in a room to a small subset o...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. A malicious homeserver could force Synapse to reset the state in a room to a small subset of t...
Not Just Good Security Products, But a Good Partner
The analyst firm Canalys annually produces their Cybersecurity Leadership Matrix. Whereas many third-party assessments are looking at just the security product, this one focuses on the value to channel partners. Sidebar: what is the channel? If you aren’t actively buying or selling cybersecurity...
Kubernetes Security
Attack matrix for Kubernetes, using the MITRE ATT&CK framework. A good first step towards understanding the security of this suddenly popular and very complex container orchestration system...
The vulnerability of the ImagickKernel::fromMatrix() function in the php-imagick extension for PHP allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the ImagickKernel::fromMatrix function in the php-imagick extension for PHP is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability may allow a remote attacker to cause a service failure or execute arbitrary code...
Attack matrix for Kubernetes
Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their workloads to...
FreeBSD : py-matrix-synapse -- users of single-sign-on are vulnerable to phishing (1afe9552-5ee3-11ea-9b6d-901b0e934d69)
Matrix developers report: The 1.11.1 release includes a security fix impacting installations using Single Sign-On i.e. SAML2 or CAS for authentication. Administrators of such installations are encouraged to upgrade as soon as possible. © Tenable Network Security, Inc. The descriptive text and...
py-matrix-synapse -- users of single-sign-on are vulnerable to phishing
Matrix developers report: The 1.11.1 release includes a security fix impacting installations using Single Sign-On i.e. SAML2 or CAS for authentication. Administrators of such installations are encouraged to upgrade as soon as possible...
PT-2020-7910 · Jasper · Jasper
Name of the Vulnerable Software and Affected Versions: JasPer affected versions not specified Description: The issue is related to an integer overflow in the jas_matrix_create function, which allows context-dependent attackers to have an unspecified impact via a crafted JPEG 2000 image. This is...
IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal
Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Date: 2020-01-01 Exploit Author: Raif Berkay Dincel Vendor Homepage: ibm.com Software https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS107-295...
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Date: 2020-01-01 Exploit Author: Raif Berkay Dincel Vendor Homepage: ibm.com Software...
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Exploit Author: Raif Berkay Dincel Vendor Homepage: ibm.com Software...