110 matches found
CVE-2019-10119
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...
Docker Remote API Detection
Binary data dockerremoteapidetection.nbin...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers. You can interact with Docker via the terminal and also via remote API. The...
Automotive Security: It’s More Than Just What’s Under The Hood
It’s a cool Saturday evening as I head out for a night on the town with my wife and some friends. We’re in a late model German made vehicle driving – below the speed limit – as we drive onto the open road. While focusing on the road I notice a strange effect happening to the radio as I accelerate...
CVE-2017-2600
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...
CVE-2017-2600
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...
Design/Logic Flaw
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...
CVE-2017-2600
CVE-2017-2600 corresponds to a Jenkins information-disclosure flaw where node monitor data could be viewed by an authenticated, low-privilege user via the remote API on affected builds (before Jenkins 2.44 and before 2.32.2 in some lines). The vulnerability enables disclosure of system configurat...
CVE-2017-2600
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes SECURITY-343...
CVE-2017-1000399
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/ID/api showed information about tasks in the queue typically builds waiting to start. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...
CVE-2017-1000399
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/ID/api showed information about tasks in the queue typically builds waiting to start. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This h...
CVE-2017-1000400
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/job-name/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and...
CVE-2017-1000398
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks typically builds currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...
CVE-2017-1000395
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/username/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote...
Information disclosure
The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/job-name/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and...
CVE-2017-1000395
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/username/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote...
Information disclosure
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks typically builds currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...
Information disclosure
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/username/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote...
CVE-2017-1000395
Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/username/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote...
CVE-2017-1000398
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks typically builds currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...