GHSA-279F-QWGH-H5MP Jenkins does not exclude sensitive build variables from search
Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables...
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20597
CVE-2023-20597 concerns improper initialization of variables in the AMD DXE driver, leading to potential local-information disclosure. The vulnerability is discussed across multiple sources (AMD/SB-4007 and related advisories), which describe memory-leak risks in the DXE driver and note mitigatio...
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-43494
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
Code injection
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
CVE-2023-43494
CVE-2023-43494 affects Jenkins 2.50–2.423 and LTS 2.60.1–2.414.1, where sensitive build variables (e.g., password values) are not excluded from the build history search. An attacker with Item/Read permission can iteratively test characters to reveal sensitive variable values used in builds. Conne...
PT-2023-28844 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.50 through 2.423 Jenkins LTS versions 2.60.1 through 2.414.1 Description: The issue allows attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characte...
Jenkins LTS < 2.414.2 / Jenkins weekly < 2.424 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.414.2 or Jenkins weekly prior to 2.424. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through...
Jenkins Security Vulnerabilities
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from not excluding sensitive build variables such as password parameter...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3261 / CVE-2023-43494 Builds can be filtered by values of sensitive build variables High SECURITY-3245 / CVE-2023-43495 Stored XSS vulnerability High SECURITY-3072 / CVE-2023-43496 Temporary plugin file created with insecure permissions Low...
Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute...
CVE-2021-32751
A flaw was found in Gradle, which allows a remote, authenticated attacker to execute arbitrary code on the system caused by a flaw in start and gradlew. By sending specially crafted environment variables, an attacker can execute arbitrary code on the system. Mitigation CI/CD systems using the...
Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.
Lines of code. Vulnerability details. Impact: This can allow unintentionally changing sensitive state variables. Proof of Concept: The vulnerability arises because file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...
GHSA-4W8R-3XRW-V25G Craft CMS Remote Code Execution vulnerability
Impact This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...
CVE-2021-44172
An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the E...