
69 matches found

Debian CVE
added 2022/09/23 12:0 a.m. | 40 views

CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2....

7.1 CVSS | 6.8 AI score | 0.00846 EPSS
Exploits: 0

Github Security Blog
added 2022/05/24 5:23 p.m. | 30 views

Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...

5.4 CVSS | 5.6 AI score | 0.00919 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/24 5:23 p.m. | 20 views

GHSA-H6QC-455M-7V6V Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin

Matrix Project Plugin 1.16 and earlier does not escape node names shown in tooltips on the overview page of builds with a single axis. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission. Matrix Project Plugin 1.17 escapes the node...

8 CVSS | 5.6 AI score | 0.00919 EPSS
Exploits: 0 | References: 5

OSV
added 2022/01/13 12:1 a.m. | 1 views

GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

5.4 CVSS | 7.2 AI score | 0.81842 EPSS
Exploits: 0 | References: 7

ATTACKERKB
added 2022/01/12 8:15 p.m. | 6 views

CVE-2022-20615

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission...

5.4 CVSS | 6.5 AI score | 0.81842 EPSS
Exploits: 0 | References: 4

CNVD
added 2021/02/09 12:0 a.m. | 6 views

NetApp Clustered Data ONTAP Information Disclosure Vulnerability (CNVD-2021-12090)

NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.1P18, 9.3P12. An attacker can exploit this vulnerability to discover node names via the AutoSupport bundl...

3.3 CVSS | 6.2 AI score | 0.00342 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/08 10:15 p.m. | 16 views

CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

3.3 CVSS | 0.00342 EPSS
Exploits: 0 | References: 1

NVD
added 2021/02/08 10:15 p.m. | 23 views

CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

3.3 CVSS | 0.00342 EPSS
Exploits: 0 | References: 1

Prion
added 2021/02/08 10:15 p.m. | 15 views

Code injection

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

2.1 CVSS | 3.7 AI score | 0.00342 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/02/08 10:15 p.m. | 15 views

Code injection

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

2.1 CVSS | 3.7 AI score | 0.00342 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/08 9:40 p.m. | 28 views

CVE-2020-8590

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

3.6 AI score | 0.00342 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/02/08 9:38 p.m. | 21 views

CVE-2020-8578

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true...

3.5 AI score | 0.00342 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/02/08 12:0 a.m. | 8 views

Netapp Clustered Data ONTAP Security Vulnerability

NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.3P20. An attacker can exploit this vulnerability via the AutoSupport bundle to discover node names even i...

3.3 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 3

CNNVD
added 2021/02/08 12:0 a.m. | 8 views

Netapp Clustered Data ONTAP Security Vulnerability

NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.1P18, 9.3P12. An attacker can exploit this vulnerability to discover node names via the AutoSupport bundl...

3.3 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2020/10/20 3:52 p.m. | 4 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

5.4 CVSS | 6.9 AI score | 0.01041 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/08/27 10:15 a.m. | 4 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

5.4 CVSS | 6.9 AI score | 0.01041 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2020/08/18 5:4 a.m. | 3 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

5.4 CVSS | 6.9 AI score | 0.01041 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2020/07/15 9:7 p.m. | 29 views

CVE-2020-2224

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

3.5 CVSS | 2.3 AI score | 0.00919 EPSS
Exploits: 0 | References: 3

Veracode
added 2018/03/14 1:25 a.m. | 21 views

Information Disclosure Through Authorization Bypass

Jenkins Subversion Plugin is vulnerable to information disclosure through authorization bypass. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...

5.3 CVSS | 5 AI score | 0.00914 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2018/03/14 1:9 a.m. | 21 views

Information Disclosure Through Authorization Bypass

Jenkins Mercurial Plugin is vulnerable to information disclosure through authorization bypass attacks. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...

5.3 CVSS | 4.9 AI score | 0.0098 EPSS
Exploits: 0 | References: 2 | Affected Software: 1