102 matches found
PT-2025-22352 · Unknown · Konsola Proget
Name of the Vulnerable Software and Affected Versions: Konsola Proget versions prior to 2.17.5 Description: The issue arises from input in the activationMessage field not being sanitized correctly in Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack...
PT-2025-22329
Name of the Vulnerable Software and Affected Versions Proget MDM versions prior to 2.17.5 Description A low-privileged user can obtain information about tasks executed on devices controlled by Proget MDM, as well as details of the devices like their UUIDs. To perform the attack, an attacker needs...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
Inedo ProGet 安全漏洞
Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet version 2024.22 and earlier, which stems from a C reflection layer that allows remote attackers to access restricted functionality, potentially resulting in a denial of service or access to...
CVE-2025-47244
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C reflection layer, as demonstrated by causing a denial of service when an attacker executes a loop calling RestartWeb or obtaining potentially sensitive information. Exploitation can occur if...
CVE-2025-47244
CVE-2025-47244 affects Inedo ProGet (versions 2024.22 and earlier). The vulnerability stems from the C# reflection layer, which can be abused by remote attackers to reach restricted functionality, potentially causing a denial of service (e.g., looping RestartWeb) or exposing sensitive information...
📄 Inedo ProGet 2024.22 Denial of Service / Information Disclosure / CSRF
Inedo ProGet version 2024.22 suffers from cross site request forgery, denial of service, and information disclosure vulnerabilities. Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks among other things because the information...
PT-2025-18958 · Inedo · Inedo Proget
Name of the Vulnerable Software and Affected Versions: Inedo ProGet versions 2024.22 and earlier Description: Inedo ProGet allows remote attackers to reach restricted functionality through the C reflection layer. This can be demonstrated by causing a denial of service, such as when an attacker...
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Inedo ProGet Plugin Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site...
GHSA-F6G8-PXVP-9328 Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Inedo ProGet Plugin Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site...
Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to...
GHSA-H5HM-73HG-FRRM Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to...
AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts
AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...
Unspecified Vulnerability in CloudBees Jenkins Inedo ProGet Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Inedo ProGet Plugin is used in one of the...
CVE-2019-10412
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10412
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
Code injection
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10412
CVE-2019-10412 affects the CloudBees/Jenkins Inedo ProGet Plugin up to version 1.2, where credentials configured in the global Jenkins configuration form were transmitted in plain text, exposing sensitive data. The root cause involves the plugin storing a service password (encrypted on disk) but ...