CVE-2022-41248
CVE-2022-41248 affects Jenkins BigPanda Notifier Plugin (versions ≤ 1.4.0). The root cause is that the plugin does not mask the BigPanda API key in the global configuration form and stores the API key in plaintext in the Jenkins controller file system (e.g., BigpandaGlobalNotifier.xml). This expo...
CVE-2022-41248
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...
CVE-2022-41247
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-41247
CVE-2022-41247 — Jenkins BigPanda Notifier Plugin: The plugin versions 1.4.0 and earlier store the BigPanda API key unencrypted in the Jenkins controller’s global configuration file (BigpandaGlobalNotifier.xml) and do not mask it in the global configuration form, allowing users with Jenkins cont...
PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier
Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...
PT-2022-25763 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier
Description: The issue concerns the storage and display of the BigPanda API key in the plugin's configuration. The BigPanda API key is stored unencrypted in the...
PT-2022-16361 · Keylime · Keylime
Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0
Description: The issue arises from the Revocation Notifier in Keylime using a fixed /tmp path for a UNIX domain socket. This can be exploited by unprivileged users to prohibit Keylime operations.
Recommendation...
Jenkins BigPanda Notifier Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-1902
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
Design/Logic Flaw
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...
CVE-2022-1902
CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...
Malicious code in nodenotiier (npm)
Source: ghsa-malware 914779ec8a28d8e69a3d7753cc1808a99f9d3030ed7ed56f6357e1d953ac8fb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Jenkins RocketChat Notifier Plugin information disclosure vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
GHSA-GVMR-MP5Q-9WVW Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...