Cross-site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting (XSS). The vulnerability exists through the project naming strategy...
jenkins: stored XSS vulnerability in project naming strategy
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. The project naming strategy description, displayed on item creation, is not properly escaped. This can result in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permissions. The highes...
A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
German authorities last week disclosed that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away. The incident marks the first recorded casualty as a...
Rethinking Defensive Strategy at the Edge, Part 3: Strategies for Protective Action
Our three-part blog series, Re-thinking Defensive Strategy at the Edge, has been focusing on outlining a new defensive edge strategy for today's enterprise. We began with a discussion of data and indicators. Most recently, our second post focused on using risk signals and correlating them for...
Rethinking Defensive Strategy at the Edge, Part 2: Risk Signals as Security Controls
In the first post in our blog series Rethinking Defensive Strategy at the Edge, we began to outline why a new defensive edge strategy is needed for today's enterprise. As previously mentioned, the strategy enhances those in place and introduces another layer of defense that includes the following...
A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis
Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let's face it, finding evil in application...
AMD Radeon DirectX 11 Driver Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-42153. Potential Impact: Code execution. Severity: High. Scope of Impact: Industry-wide. CVE Identifier: CVE-2020-6100, CVE-2020-6101, CVE-2020-6102, CVE-2020-6103. Summary Description: AMD reported potential vulnerabilities in a specific virtual machine (VM) configuration...
NVIDIA GeForce Experience - July 2020 - Lenovo Support US
Intel AMT and Intel ISM Advisory - Lenovo Support US
Lenovo Security Advisory: LEN-41856. Potential Impact: Privilege escalation. Severity: High. Scope of Impact: Industry-wide. CVE Identifier: CVE-2020-8758. Summary Description: Intel reported potential security vulnerabilities in Intel Active Management Technology (AMT) and Intel Standard Manageability...
Intel BIOS Advisory - Lenovo Support US
Microsoft Security: What cybersecurity skills do I need to become a CISO?
Build the business skills you need to advance to Chief Information Security Officer. For many cybersecurity professionals, the ultimate career goal is to land a chief information security officer (CISO) job. A CISO is an executive-level position responsible for cyber risk management and operations...
Are employees the weakest link in your security strategy? Train them!
Email is the number one threat vector. There’s no exception, even with a global pandemic, on the contrary: COVID-19 has been used as an appealing hook by cyber criminals. Data from Trend Micro Smart Protection Network shows that for the first five months of 2020, 92 per cent of all the cyber...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table, which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
FreeBSD : jenkins -- multiple vulnerabilities (eef0d2d9-78c0-441e-8b03-454c5baebe20)
Jenkins Security Advisory: Description: High SECURITY-1955 / CVE-2020-2229 Stored XSS vulnerability in help icons; High SECURITY-1957 / CVE-2020-2230 Stored XSS vulnerability in project naming strategy; High SECURITY-1960 / CVE-2020-2231 Stored XSS vulnerability in 'Trigger builds remotely' C Tenabl...
PT-2020-15451 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.251 and earlier; Jenkins LTS versions 2.235.3 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the project naming strategy description is not properly escaped...
Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development
Much has been made of the cybersecurity skills shortage: It has long been an issue that many companies can’t effectively source the in-house talent they need, even as threats accelerate in both volume and sophistication. A recent survey, however, shows that the situation doesn’t appear to be...