RHEL 7 : mercurial (RHSA-2019:2276)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2276 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Securi...

jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320)

A flaw was found in the Jenkins script security sandbox. The previously implemented script security sandbox protections prohibiting the use of unsafe AST transforming annotations such as @Grab could be circumvented through use of various Groovy language features including the use of...

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make somes experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

jenkins-plugin-script-security: Sandbox Bypass in finalize methods

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permissio...

EulerOS 2.0 SP2 : mercurial (EulerOS-SA-2018-1112)

According to the versions of the mercurial package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. - Securi...

Repo password on display for the world to see.

I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...

Repo password on display for the world to see.

I just noticed that my machine user name and password are on display above the commit dialog. Since this job site uses single sign on for everything, that's my username and password for the entire system here. I have three different repos loaded in Sourcetree. Because of single sign on, that is...

Tower: modification of git hooks in SCM repo via upstream playbook execution

A flaw was found in Tower's interface with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower,...

Koji Security Bypass Vulnerability

Koji is an RPM-based build system. The system builds software by providing a flexible, secure and reproducible approach. A security bypass vulnerability exists in Koji version 1.13.0 that stems from the program failing to properly validate SCM paths. An attacker can exploit the vulnerability to...

PYSEC-2017-144

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...

CVE-2017-1002153

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...

PYSEC-2017-144

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission...

PT-2017-11022 · Red Hat · Koji

Name of the Vulnerable Software and Affected Versions: Koji version 1.13.0 Description: The issue arises from improper validation of SCM paths, enabling an attacker to bypass blacklisted paths for build submission. Recommendations: For version 1.13.0, update to a newer version that properly...

CVE-2017-7552

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core...

CVE-2017-7552

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core...

Design/Logic Flaw

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core...

[SECURITY] Fedora 25 Update: mercurial-3.8.1-4.fc25

Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start: http://www.selenic.com/mercurial/wiki/index.cgi/QuickStart Tutorial: http://www.selenic.com/mercurial/wiki/index.cgi/Tutorial Extensions:...

CVE-2017-7552

A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core...

CVE-2017-7552

CVE-2017-7552 affects the Red Hat Mobile Application Platform (RHMAP) file editor (millicore). The flaw, in affected versions before 3.19.0 and 4.x before 4.5.0, allows files to be executed as well as created, enabling an attacker to compromise other users’ or teams’ projects stored in source con...

RHMAP Millicore IDE allows RCE on SCM

A flaw was discovered in the file editor of millicore which allows files to be executed as well as created. An attacker could use this flaw to compromise other users or teams projects stored in source control management of the RHMAP Core installation...