1374 matches found
Remote code execution
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
CVE-2018-1000146
CVE-2018-1000146 : The vulnerability affects Liquibase Runner Plugin (Jenkins) versions 1.3.0 and older. Affected component/timeframe: plugin enables an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. Documented impact is arbitrary code exe...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
Gitlab GitLab CI runner component path traversal vulnerability
GitLab is a set of Ruby on Rails development of open source applications , can be realized as a self-hosted Git version control system project repository , which has similar features to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition...
CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...
UBUNTU-CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...
CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...
Debian DSA-4145-1 : gitlab - security update
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code : - CVE-2017-0915/ CVE-2018-3710 Arbitrary code execution in project import. - CVE-2017-0916 Command injection via Webhooks. - CVE-2017-0917 Cross-site scripting in CI job output. - CVE-2017-0918...
GitLab: GitLab CI runner can read and poison cache of all other projects
The GitLab CI runner allows users to cache files and directories in between runs. These files are stored in a ZIP file and uploaded to a shared cache instance. In my testing, the files were uploaded to runners-cache-4-internal.gitlab.com and runners-cache-3-internal.gitlab.com, even for dedicated...
RHEL 7 : tcmu-runner (RHSA-2017:3277)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3277 advisory. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface TCMU. It...
tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS
A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen to trigger DoS...
tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS
A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS...
tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings
A flaw was found in the implementation of CheckConfig method in handlerglfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault...
tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method
A file information leak flaw was found in implementation of the CheckConfig method in handlerqcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user...
Moderate: Red Hat Security Advisory: tcmu-runner security update
An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2017-1000201
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack...
CVE-2017-1000201
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack...
Null pointer dereference
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's onunregisterhandler function resulting in denial of service...