Lucene search
K

4965 matches found

Cvelist
Cvelist
added 2024/10/02 4:53 p.m.35 views

CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:53 p.m.95 views

CVE-2024-20442

Cisco Nexus Dashboard exposes a REST API vulnerability due to insufficient authorization controls on certain endpoints. An authenticated, low-privileged, remote attacker could perform limited Administrator actions such as viewing portions of the web UI, generating config backups, or deleting tech...

5.4CVSS5.2AI score0.0037EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/10/02 4:53 p.m.31 views

CVE-2024-20441 Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could...

5.7CVSS0.00457EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:53 p.m.80 views

CVE-2024-20441

CVE-2024-20441 affects Cisco Nexus Dashboard Fabric Controller (NDFC) REST API endpoint. The issue arises from insufficient authorization controls on the endpoint, enabling an authenticated, low-privilege, remote attacker to access sensitive configuration data. A successful exploit could allow do...

6.5CVSS5.6AI score0.00457EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2024/10/02 4:53 p.m.85 views

CVE-2024-20438

Cisco Nexus Dashboard Fabric Controller (NDFC) REST API vulnerability allows an authenticated, low-privileged, remote attacker to read or write files on an affected device due to missing authorization controls on certain REST endpoints. The issue affects the NDFC/Nexus Dashboard REST APIs (subset...

6.3CVSS5.7AI score0.00353EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2024/10/02 4:53 p.m.14 views

CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

6.3CVSS6.7AI score0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 4:53 p.m.20 views

CVE-2024-20438 Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this...

6.3CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 4:53 p.m.116 views

CVE-2024-20432 Cisco Nexus Dashboard Fabric Controller Web UI Command Injection Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS0.0115EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 4:53 p.m.110 views

CVE-2024-20432

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by CVE-2024-20432 via a REST API and web UI command-injection flaw caused by improper user authorization and insufficient validation of command arguments. A low-privilege, authenticated attacker could submit crafted commands to affected R...

9.9CVSS9.8AI score0.0115EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/02 4:15 p.m.40 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

7.5CVSS0.00583EPSS
Exploits0References1
OSV
OSV
added 2024/10/02 4:15 p.m.14 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

7.5CVSS7.6AI score
Exploits0References1
Cisco
Cisco
added 2024/10/02 4:0 p.m.23 views

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS9.8AI score0.0115EPSS
Exploits0References1
Cisco
Cisco
added 2024/10/02 4:0 p.m.14 views

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities

Multiple vulnerabilities in the REST APIs of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a limited set of network-admin functions on an affected device. For more information about these...

6.3CVSS5.6AI score0.00457EPSS
Exploits0References1
Cisco
Cisco
added 2024/10/02 4:0 p.m.23 views

Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

5.5CVSS5.9AI score0.0076EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 3:35 p.m.18 views

CVE-2024-47804

If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...

6.9AI score0.00684EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/02 3:35 p.m.40 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

0.00583EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 3:35 p.m.20 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

7.1AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 3:35 p.m.329 views

CVE-2024-47804

CVE-2024-47804 describes a Jenkins item-creation restriction bypass: when creating a prohibited item via CLI/REST, the item is created in memory and only removed from disk, enabling attackers with Item/Configure permission to persist it. Affected versions: Jenkins 2.478 and earlier, LTS 2.462.2 a...

4.3CVSS6.8AI score0.00684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/02 3:35 p.m.32 views

CVE-2024-47804

If an attempt is made to create an item of a type prohibited by ACLhasCreatePermission2 or TopLevelItemDescriptorisApplicableInItemGroup through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only...

0.00684EPSS
Exploits0References1
CVE
CVE
added 2024/10/02 3:35 p.m.130 views

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

7.5CVSS7AI score0.00583EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder