367 matches found
PT-2023-20274 · Veracode · Veracode Azure Devops Extension +2
Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Veracode Azure DevOps Extension versions prior to 3.20.0 Description: A credential-leak issue was discovered in related Veracode products. The Veracode Scan Jenkins Plugin, when...
Jenkins Plugin Veracode Scan 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Veracode Scan 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2023-25721
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users with access to view the job log to...
CVE-2023-25722
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
PT-2023-20273 · Veracode · Veracode Scan Jenkins Plugin
Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Description: The issue allows users with access to view the job log to discover proxy credentials under specific configurations. This includes when the "Connect using proxy" option is...
CVE-2023-25721
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users with access to view the job log to...
CVE-2023-25722
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
SUSE CVE-2003-1605
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server...
SUSE CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
SUSE CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
Code injection
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
GHSA-9X8M-2XPF-CRP3 Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Impact When the built-in HTTP proxy downloader middleware processes a request with proxy metadata, and that proxy metadata includes proxy credentials, the built-in HTTP proxy downloader middleware sets the Proxy-Authentication header, but only if that header is not already set. There are...
GHSA-442G-GCG6-MHM4 Play Framework Inadequate Encryption Strength vulnerability
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
CVE-2021-1126
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center FMC could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. A...
Cisco Firepower Management Center 信息泄露漏洞
Cisco Firepower Management Center is the nerve center for managing Cisco network security solutions, improving the effectiveness of Cisco network security solutions by providing centralized, integrated, and simplified management. An information disclosure vulnerability exists in the storage of...