CVE-2019-1003026

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...

CVE-2019-1003026

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message...

CVE-2019-1003026

The CVE describes a server-side request forgery in Jenkins Mattermost Notification Plugin (MattermostNotifier.java) affecting versions up to and including 2.6.2. The root cause is a lack of privilege checks that allows attackers with Overall/Read permission to instruct Jenkins to connect to an at...

openSUSE Security Update : deluge (openSUSE-2017-656)

This update for deluge fixes two security issues : - CVE-2017-9031: A remote attacker may have used a directory traversal vulnerability in the web interface bsc1039815 - CVE-2017-7178: A remote attacher could have exploited a CSRF vulnerability to trick a logged-in user to perform actions in the...

WordPress DVS Custom Notification Plugin <= 1.0.1 - Multiple CSRF and XSS

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks orchange application settings. Solution Update the plugin...