353 matches found
Grafana 访问控制错误漏洞
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from an Access Control Error vulnerability that stems from the fact th...
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations...
SolarWinds N-Central Cross-Site Request Forgery Vulnerability
SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...
PT-2020-17212 · Awstats +3 · Awstats +3
Name of the Vulnerable Software and Affected Versions: AWStats versions prior to 7.8 Description: The issue allows an absolute pathname to be accepted by the cgi-bin/awstats.pl endpoint, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This is due to an...
CVE-2020-2323
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions...
PT-2020-15557 · Jenkins · Jenkins Chaos Monkey Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Chaos Monkey Plugin versions 0.4 and earlier Description: The issue allows attackers with Overall/Read permission to access the Chaos Monkey page and see the history of actions due to a lack of permission checks in an HTTP endpoint...
PT-2020-15536 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier Jenkins Mercurial Plugin versions prior to 2.12 Description: A missing permission check in the Jenkins Mercurial Plugin allows attackers with Overall/Read permission to obtain a list of names...
Apache Hadoop web endpoint privilege escalation vulnerability
Apache Hadoop is a set of open source distributed systems infrastructure of the U.S. Apache Apache Software Foundation. The product is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, high fault tolerance and so on. Apache Hado...
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...
Authentication flaw
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...
CVE-2018-11764
CVE-2018-11764 concerns Hadoop where the web endpoint authentication check is broken. The vulnerability affects Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0, enabling an authenticated user to impersonate any user even without a configured proxy user. The root cause is a flawed authenticatio...
CVE-2018-11764
A flaw was found in Apache Hadoop, where the Web endpoint authentication check is broken. This flaw allows authenticated users to impersonate any user even if no proxy user is configured...
PT-2020-15511 · Jenkins · Jenkins Implied Labels Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Implied Labels Plugin versions 0.6 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. This is resolved in version 0.7...
PT-2020-15515 · Jenkins · Jenkins Liquibase Runner Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.7 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...
CloudBees Jenkins Health Advisor by CloudBees Privilege Control Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A security vulnerability exis...
Wonitor - Fast, Zero Config Web Endpoint Change Monitor
fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response body is stored on a local key/value store file. no configuration needed. to increase network throughput, a --worker flag allows to set the concurrency when monitoring...
CVE-2020-3224
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The...
Atlassian Fisheye and Crucible Information Disclosure Vulnerability (CNVD-2020-38890)
Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. An information disclosure vulnerability exists in /json/fe/activeUserFinder.do in Altassian Fisheye a...
CVE-2019-0363
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...