
189 matches found

OSV
added 2024/01/27 12:15 a.m. · 3 views

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1
NVD
added 2024/01/27 12:15 a.m. · 15 views

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 7.5 · AI score 6 · EPSS 0.00481
Exploits: 0 · References: 1
Prion
added 2024/01/27 12:15 a.m. · 13 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 5 · AI score 7.1 · EPSS 0.00481
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/01/27 12:0 a.m. · 2 views

WordPress plugin Image Source Control Lite security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00481
Exploits: 0 · References: 2
Cvelist
added 2024/01/26 11:7 p.m. · 21 views

CVE-2023-52187 WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 5.3 · AI score 7.7 · EPSS 0.00481
Exploits: 0 · References: 1
CVE
added 2024/01/26 11:7 p.m. · 46 views

CVE-2023-52187

CVE-2023-52187 affects the WordPress plugin Image Source Control Lite – Show Image Credits and Captions. Public records indicate the vulnerability is an Exposure of Sensitive Information to an Unauthorized Actor affecting versions from unknown through 2.17.0. The data sources also indicate this vul...

CVSS 7.5 · AI score 7.8 · EPSS 0.00481
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/01/26 12:0 a.m. · 2 views

PT-2024-14454 · Unknown · The Image Source Control Lite

Name of the Vulnerable Software and Affected Versions: Image Source Control Lite – Show Image Credits and Captions versions n/a through 2.17.0 Description: The issue is related to Exposure of Sensitive Information to an Unauthorized Actor. This allows unauthorized access to sensitive information...

CVSS 7.5 · AI score 7.7 · EPSS 0.00481
Exploits: 0 · References: 6
Patchstack
added 2023/12/29 12:0 a.m. · 6 views

WordPress Image Source Control Plugin <= 2.17.0 is vulnerable to Sensitive Data Exposure

Software Image Source Control Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.17.1 OWASP Top 10 A9: Security Logging and Monitoring Failures Classification Sensitive Data Exposure CVE CVE-2023-52187 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 66572409bd51 Credits...

CVSS 7.5 · AI score 6.6 · EPSS 0.00481
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2023/12/12 11:15 p.m. · 15 views

CVE-2023-3517

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...

CVSS 8.8 · EPSS 0.00642
Exploits: 0 · References: 1
Github Security Blog
added 2023/05/24 5:30 p.m. · 45 views

nfpm has incorrect default permissions

Summary: When building packages directly from source control, file permissions on the checked-in files are not maintained. Details: When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...

CVSS 7.1 · AI score 6.7 · EPSS 0.00384
Exploits: 1 · References: 5 · Affected Software: 2
OSV
added 2023/05/24 5:30 p.m. · 27 views

GHSA-W7JW-Q4FG-QC4C nfpm has incorrect default permissions

Summary: When building packages directly from source control, file permissions on the checked-in files are not maintained. Details: When building packages directly from source control, file permissions on the checked-in files are not maintained. When nfpm packaged the files without extra config for...

CVSS 7.1 · AI score 6.7 · EPSS 0.00384
Exploits: 1 · References: 5
Grafana
added 2023/03/22 12:0 a.m. · 6 views

Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized. An attacker needs to have contro...

CVSS 6.2 · AI score 6.8 · EPSS 0.00954
Exploits: 1
SUSE CVE
added 2023/02/15 4:52 a.m. · 3 views

SUSE CVE-2017-2650

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

CVSS 8.5 · AI score 7.1 · EPSS 0.01145
Exploits: 0 · References: 3
RedHat Linux
added 2023/01/12 4:49 p.m. · 5 views

plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...

CVSS 6.5 · AI score 5.8 · EPSS 0.00864
Exploits: 0 · References: 5
RedHat Linux
added 2022/06/10 5:2 a.m. · 3 views

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management (SCM) to effectively change the Pipeline...

CVSS 5.3 · AI score 5.8 · EPSS 0.01075
Exploits: 0 · References: 5
OSV
added 2022/05/24 10:0 p.m. · 0 views

GHSA-7CJC-XPPR-XJ6X Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions...

CVSS 5.4 · AI score 6.1 · EPSS 0.01033
Exploits: 0 · References: 3
OSV
added 2022/05/18 12:0 a.m. · 3 views

GHSA-G74W-93CP-5P3P Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin

When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...

CVSS 5.3 · AI score 5.7 · EPSS 0.00864
Exploits: 0 · References: 5
OSV
added 2022/05/18 12:0 a.m. · 1 views

GHSA-84CM-VJWM-M979 Path traversal in Jenkins Git Mercurial and Repo Plugins

Jenkins SCMs support a number of different URL schemes, including local file system paths e.g. using file: URLs. Historically in Jenkins, only agents checked out from SCM, and if multiple projects share the same agent, there is no expected isolation between builds besides using different workspac...

CVSS 7.5 · AI score 5.9 · EPSS 0.01191
Exploits: 0 · References: 7
ATTACKERKB
added 2022/05/17 3:15 p.m. · 3 views

CVE-2022-30949

Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

CVSS 5.3 · AI score 6.1 · EPSS 0.00958
Exploits: 0 · References: 3
CNNVD
added 2022/05/17 12:0 a.m. · 5 views

Jenkins Mercurial Plugin information disclosure vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.01295
Exploits: 0 · References: 5