189 matches found
PT-2022-17112 · Jenkins · Jenkins Pipeline: Groovy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2648.va9433432b33c and earlier; Jenkins Pipeline: Groovy Plugin prior to 2656.vf7a_e7b_75a_457; Jenkins Pipeline: Groovy Plugin version 2.94.1; Jenkins Pipeline: Groovy Plugin version 2.92.1. Description:...
Jenkins Pipeline: Multibranch Plugin OS Command Injection Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Pipeline:...
Jenkins Pipeline OS Command Injection Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline has a security vulnerability that can be exploited by an attacker to invoke arbitrary OS commands on the controller by crafting SCM content...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
PT-2021-22482 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows certain admin-related SCM commands to be executed by any authenticated users, not just by admins. Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or late...
WordPress Image Source Control Plugin Access Control Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Image Source Control Plugin is vulnerable to an access control error in versions prior to 2.3.1. The vulnerability stems from the lack of proper restrictions on the role permissions of the...
CVE-2021-24781
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
Design/Logic Flaw
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
CVE-2021-24781 Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
CVE-2021-24781
CVE-2021-24781 affects the WordPress Image Source Control plugin (versions before 2.3.1). The vulnerability allows users with a role as low as Contributor to change arbitrary post meta fields on arbitrary posts, indicating an access control error and insufficient restrictions on post-edit permiss...
WordPress Access Control Error Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The WordPress Image Source Control Plugin is vulnerable to an access control error in versions prior to 2.3.1. The vulnerability stems from the lack of proper restrictions on the role permissions of the...
WordPress Image Source Control plugin <= 2.3.0 - Arbitrary Post Meta Value Change vulnerability
Arbitrary Post Meta Value Change vulnerability discovered by apple502j in WordPress Image Source Control plugin versions <= 2.3.0. Solution: Update the WordPress Image Source Control plugin to the latest available version (at least 2.3.1)...
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit. PoC: Run while in the Post/Page editor as a contributor: jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit. Run while in the Post/Page editor as a contributor: jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...
UBUNTU-CVE-2021-21996
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and sourcehash URLs can gain full file system access as root on a salt minion...
Privilege Escalation
Salt is vulnerable to privilege escalation. A user who has control of the source, and sourcehash URLs can gain full file system access as root on a salt minion...
UBUNTU-CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...
Unspecified vulnerability in CloudBees Jenkins Harvest SCM plugin (CNVD-2020-16682)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. A security vulnerability exists in the CloudBees Jenkins Harvest SCM plugin, which can be exploited by an attacker to access the user view of the main file system...
emacs, mercurial security update
CentOS Errata and Security Advisory CESA-2019:2276. An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...