PT-2022-20414 · Jenkins · Jenkins Ssh Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SSH Plugin versions 2.6.1 and earlier Description: A missing permission check in the Jenkins SSH Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +156 more potentially affected by CVE-2018-1000601 via org.jenkins-ci.plugins:ssh-credentials (>=0.1 <=1.13)

org.jenkins-ci.plugins:ssh-credentials MAVEN version =0.1, =1.0.5.0, =1.9.2-beta, =1.14.0, =4.1.1, =1.1.0, =1.0.22, =1.3.0, =1.0.0, =3.0, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 - io.fabric8.pipeline:kubernetes-pipeline-devops-steps =1.3 and more Source cves:...

TLS and SSH connection too eager reuse

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and...

UBUNTU-CVE-2022-27782

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH...

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

PT-2022-2695

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description The issue is related to how libcurl handles previously used connections in a connection pool for subsequent transfers. When a TLS or SSH-related option is changed, it should prohibit the reus...

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

golang.org/x/crypto: empty plaintext packet causes panic

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

CVE-2021-30064

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...

Schneider Electric ConneXium Tofino Firewall和Schneider Electric Belden Tofino Xenon Security Appliance 信任管理问题漏洞

Schneider Electric ConneXium Tofino Firewall and Schneider Electric Belden Tofino Xenon Security Appliance are both products of Schneider Electric, a French company. The Schneider Electric ConneXium Tofino Firewall is a firewall appliance and the Schneider Electric Belden Tofino Xenon Security...

USN-5354-1 twisted vulnerabilities

It was discovered that Twisted incorrectly filtered HTTP headers when clients are being redirected to another origin. A remote attacker could use this issue to obtain sensitive information. CVE-2022-21712 It was discovered that Twisted incorrectly processed SSH handshake data on connection...

CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...

PT-2022-13400 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 14.6 through 14.6.4 GitLab versions 14.7 through 14.7.3 GitLab versions 14.8 through 14.8.1 Description: An issue has been discovered in GitLab where user passwords were leaked when adding mirrors with SSH credentials under...

python-twisted: SSH client and server denial of service during SSH handshake

An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server...

PT-2022-13166 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.6 Description: The issue allows a malicious user to upload a crafted config file into a repository's .git directory to gain SSH access to the server. This affects all installations with repository upload enabled,...

InsightVM Scanning: Demystifying SSH Credential Elevation

Written in collaboration with Jimmy Cancilla The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...

Jenkins Kubernetes Continuous Deploy 插件跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

DEBIAN-CVE-2022-24715

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

UBUNTU-CVE-2022-24715

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

USN-5308-1 libssh2 vulnerabilities

It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote, unauthenticated attacker could possibly execute arbitrary code on the client system. CVE-2019-3855 It was discovered that libssh2 incorrectly handled prompt...