2 matches found
PT-2022-17126 · Hashicorp +1 · Jenkins Hashicorp Vault Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HashiCorp Vault Plugin versions 3.8.0 and earlier Description: The issue allows agent processes to retrieve any Vault secrets for use on the agent. Attackers able to control agent processes can obtain Vault secrets for an...
CVE-2020-5217
In Secure Headers RubyGem secureheaders, a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/overridecontentsecuritypolicydirectives, a semicolon could be injected leading to directive injection. This could be us...