5 matches found
PT-2023-30424 · Unknown · SwiftyEdit Content Management System
Name of the Vulnerable Software and Affected Versions: SwiftyEdit Content Management System versions prior to 1.2.0
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows remote attackers to escalate privileges via the user password update functionality...
PT-2021-22485 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0
Description: The issue arises because the Ozone Datanode in Apache Ozone does not check the access mode parameter of the block token. As a result, authenticated users who have a valid READ block token can...
PT-2020-15357 · Jenkins · Jenkins Mabl Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mac Plugin versions 1.1.0 and earlier
Description: The issue concerns the lack of SSH host key validation when connecting agents created by the plugin, which could enable man-in-the-middle attacks. This allows an attacker to intercept...
PT-2020-15326 · Jenkins · Jenkins Azure AD Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 1.1.2 and earlier
Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Specificall...
PT-2019-17673 · Unknown · serve-here.js
Name of the Vulnerable Software and Affected Versions: serve-here.js versions prior to 1.2.0
Description: The issue allows attackers to list any file in an arbitrary folder due to a path traversal vulnerability. This is caused by the package's failure to sanitize URLs, enabling attackers to acces...