Lucene search
+L

1374 matches found

Prion
Prion
added 2018/04/05 1:29 p.m.12 views

Remote code execution

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

6.5CVSS8.8AI score0.01577EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/05 1:29 p.m.4 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS6.4AI score0.01577EPSS
Exploits0References1
NVD
NVD
added 2018/04/05 1:29 p.m.20 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS8.9AI score0.01577EPSS
Exploits0References1
CVE
CVE
added 2018/04/05 1:0 p.m.55 views

CVE-2018-1000146

CVE-2018-1000146 : The vulnerability affects Liquibase Runner Plugin (Jenkins) versions 1.3.0 and older. Affected component/timeframe: plugin enables an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. Documented impact is arbitrary code exe...

8.8CVSS8.9AI score0.01577EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/05 1:0 p.m.23 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.9AI score0.01577EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/22 12:0 a.m.5 views

Gitlab GitLab CI runner component path traversal vulnerability

GitLab is a set of Ruby on Rails development of open source applications , can be realized as a self-hosted Git version control system project repository , which has similar features to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition...

8.8CVSS7.2AI score0.04609EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/21 8:29 p.m.34 views

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

8.8CVSS7.4AI score0.04609EPSS
Exploits0References2
OSV
OSV
added 2018/03/21 8:29 p.m.2 views

UBUNTU-CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

8.8CVSS7.5AI score0.04609EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/03/21 8:0 p.m.36 views

CVE-2017-0918

Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution...

8.3AI score0.04609EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/03/19 12:0 a.m.37 views

Debian DSA-4145-1 : gitlab - security update

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code : - CVE-2017-0915/ CVE-2018-3710 Arbitrary code execution in project import. - CVE-2017-0916 Command injection via Webhooks. - CVE-2017-0917 Cross-site scripting in CI job output. - CVE-2017-0918...

9.8CVSS7.6AI score0.05705EPSS
Exploits1References17
Hacker One
Hacker One
added 2017/12/30 6:58 p.m.56 views

GitLab: GitLab CI runner can read and poison cache of all other projects

The GitLab CI runner allows users to cache files and directories in between runs. These files are stored in a ZIP file and uploaded to a shared cache instance. In my testing, the files were uploaded to runners-cache-4-internal.gitlab.com and runners-cache-3-internal.gitlab.com, even for dedicated...

6.5CVSS0.5AI score0.04609EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/11/30 12:0 a.m.27 views

RHEL 7 : tcmu-runner (RHSA-2017:3277)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3277 advisory. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface TCMU. It...

7.5CVSS6.4AI score0.01463EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2017/11/29 3:32 a.m.5 views

tcmu-runner: UnregisterHandler D-Bus method in tcmu-runner daemon for internal handler causes DoS

A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call the UnregisterHandler method with the name of a handler loaded internally in tcmu-runner via dlopen to trigger DoS...

7.5CVSS5.7AI score0.01392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/29 3:32 a.m.4 views

tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS

A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS...

5.5CVSS5.7AI score0.00317EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/29 3:32 a.m.6 views

tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings

A flaw was found in the implementation of CheckConfig method in handlerglfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault...

7.5CVSS5.7AI score0.01392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/29 3:32 a.m.7 views

tcmu-runner: qcow handler opens up an information leak via the CheckConfig D-Bus method

A file information leak flaw was found in implementation of the CheckConfig method in handlerqcow.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could use this flaw to leak arbitrary file names which might not be retrievable by non-root user...

7.5CVSS5.8AI score0.01463EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/29 3:32 a.m.31 views

Moderate: Red Hat Security Advisory: tcmu-runner security update

An update for tcmu-runner is now available for Red Hat Gluster Storage 3.3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS6.5AI score0.01463EPSS
Exploits0References6
NVD
NVD
added 2017/11/17 2:29 a.m.18 views

CVE-2017-1000201

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack...

5.5CVSS5.3AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2017/11/17 2:29 a.m.16 views

CVE-2017-1000201

The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack...

5.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2017/11/17 2:29 a.m.14 views

Null pointer dereference

tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's onunregisterhandler function resulting in denial of service...

5CVSS7.3AI score0.01392EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder