
1085 matches found

CVE
added 2022/09/21 3:46 p.m. · 333 views

CVE-2022-41248

CVE-2022-41248 affects Jenkins BigPanda Notifier Plugin (versions ≤ 1.4.0). The root cause is that the plugin does not mask the BigPanda API key in the global configuration form and stores the API key in plaintext in the Jenkins controller file system (e.g., BigpandaGlobalNotifier.xml). This expo...

CVSS 5.3 · AI score 5.2 · EPSS 0.00328
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/09/21 3:46 p.m. · 16 views

CVE-2022-41248

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...

AI score 6 · EPSS 0.00328
Exploits 0 · References 2
Cvelist
added 2022/09/21 3:46 p.m. · 27 views

CVE-2022-41247

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

AI score 5.2 · EPSS 0.0042
Exploits 0 · References 1
CVE
added 2022/09/21 3:46 p.m. · 371 views

CVE-2022-41247

CVE-2022-41247 — Jenkins BigPanda Notifier Plugin: The plugin versions 1.4.0 and earlier store the BigPanda API key unencrypted in the Jenkins controller’s global configuration file (BigpandaGlobalNotifier.xml) and do not mask it in the global configuration form, allowing users with Jenkins cont...

CVSS 4.3 · AI score 4.5 · EPSS 0.0042
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/09/21 12:0 a.m. · 5 views

PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier
Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...

CVSS 4.3 · AI score 4.3 · EPSS 0.0042
Exploits 0 · References 5
Positive Technologies
added 2022/09/21 12:0 a.m. · 5 views

PT-2022-25763 · Jenkins · Jenkins Bigpanda Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier
Description: The issue concerns the storage and display of the BigPanda API key in the plugin's configuration. The BigPanda API key is stored unencrypted in the...

CVSS 5.3 · AI score 4.8 · EPSS 0.00328
Exploits 0 · References 5
Positive Technologies
added 2022/09/21 12:0 a.m. · 5 views

PT-2022-16361 · Keylime · Keylime

Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0
Description: The issue arises from the Revocation Notifier in Keylime using a fixed /tmp path for a UNIX domain socket. This can be exploited by unprivileged users to prohibit Keylime operations.
Recommendation...

CVSS 7.5 · AI score 7.3 · EPSS 0.01283
Exploits 1 · References 7
CNNVD
added 2022/09/21 12:0 a.m. · 3 views

Jenkins BigPanda Notifier Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3 · AI score 5.3 · EPSS 0.0042
Exploits 0 · References 3
CNNVD
added 2022/09/21 12:0 a.m. · 5 views

Jenkins BigPanda Notifier Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.3 · AI score 5.8 · EPSS 0.00328
Exploits 0 · References 4
ATTACKERKB
added 2022/09/01 9:15 p.m. · 5 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8 · AI score 7.2 · EPSS 0.01154
Exploits 1 · References 7
NVD
added 2022/09/01 9:15 p.m. · 20 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8 · EPSS 0.01154
Exploits 1 · References 3
OSV
added 2022/09/01 9:15 p.m. · 28 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8 · AI score 6.6 · EPSS 0.01154
Exploits 1 · References 3
Prion
added 2022/09/01 9:15 p.m. · 28 views

Design/Logic Flaw

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 6.5 · AI score 8.6 · EPSS 0.01154
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2022/09/01 7:54 p.m. · 30 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

AI score 8.8 · EPSS 0.01154
Exploits 1 · References 3
CVE
added 2022/09/01 7:54 p.m. · 1966 views

CVE-2022-1902

CVE-2022-1902 describes a vulnerability in Red Hat Advanced Cluster Security for Kubernetes where Notifier secrets were not properly sanitized in the GraphQL API. This allows authenticated ACS users to retrieve Notifiers via GraphQL, potentially escalating privileges. CVSSv3.1 base score 8.8 (HIG...

CVSS 8.8 · AI score 8.5 · EPSS 0.01154
Exploits 1 · References 3 · Affected Software 1
OSSF Malicious Packages
added 2022/08/19 3:55 a.m. · 5 views

Malicious code in nodenotiier (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 914779ec8a28d8e69a3d7753cc1808a99f9d3030ed7ed56f6357e1d953ac8fb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
RedhatCVE
added 2022/07/07 4:12 p.m. · 57 views

CVE-2022-1902

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges...

CVSS 8.8 · AI score 3.2 · EPSS 0.01154
Exploits 1 · References 3
CNVD
added 2022/07/04 12:0 a.m. · 23 views

Jenkins RocketChat Notifier Plugin information disclosure vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...

CVSS 4 · AI score 0.8 · EPSS 0.00701
Exploits 0 · Affected Software 1
OSV
added 2022/07/01 12:1 a.m. · 26 views

GHSA-GVMR-MP5Q-9WVW Plaintext Storage of a Password in Jenkins Skype notifier Plugin

Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...

CVSS 3.3 · AI score 6.7 · EPSS 0.00686
Exploits 0 · References 3
Github Security Blog
added 2022/07/01 12:1 a.m. · 22 views

Plaintext Storage of a Password in Jenkins Skype notifier Plugin

Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...

CVSS 6.5 · AI score 6.3 · EPSS 0.00686
Exploits 0 · References 3 · Affected Software 1