Lucene search
+L

353 matches found

CNNVD
CNNVD
added 2021/03/18 12:0 a.m.12 views

Grafana 访问控制错误漏洞

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from an Access Control Error vulnerability that stems from the fact th...

7.5CVSS7.9AI score0.03497EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2021/03/03 12:28 p.m.5 views

jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations...

4.3CVSS5.8AI score0.01066EPSS
Exploits0References5
CNVD
CNVD
added 2020/12/17 12:0 a.m.4 views

SolarWinds N-Central Cross-Site Request Forgery Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

8.8CVSS7AI score0.00944EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/12/07 12:0 a.m.5 views

PT-2020-17212 · Awstats +3 · Awstats +3

Name of the Vulnerable Software and Affected Versions: AWStats versions prior to 7.8 Description: The issue allows an absolute pathname to be accepted by the cgi-bin/awstats.pl endpoint, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This is due to an...

9.8CVSS9.5AI score0.04352EPSS
Exploits1References40
OSV
OSV
added 2020/12/03 4:15 p.m.8 views

CVE-2020-2323

Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions...

5.3CVSS5.8AI score0.00824EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/12/03 12:0 a.m.6 views

PT-2020-15557 · Jenkins · Jenkins Chaos Monkey Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Chaos Monkey Plugin versions 0.4 and earlier Description: The issue allows attackers with Overall/Read permission to access the Chaos Monkey page and see the history of actions due to a lack of permission checks in an HTTP endpoint...

5.3CVSS5.1AI score0.00824EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.3 views

PT-2020-15536 · Jenkins · Jenkins Mercurial Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier Jenkins Mercurial Plugin versions prior to 2.12 Description: A missing permission check in the Jenkins Mercurial Plugin allows attackers with Overall/Read permission to obtain a list of names...

4.3CVSS4.4AI score0.01066EPSS
Exploits0References7
CNVD
CNVD
added 2020/10/28 12:0 a.m.6 views

Apache Hadoop web endpoint privilege escalation vulnerability

Apache Hadoop is a set of open source distributed systems infrastructure of the U.S. Apache Apache Software Foundation. The product is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, high fault tolerance and so on. Apache Hado...

9CVSS6.9AI score0.02394EPSS
Exploits0References1
OSV
OSV
added 2020/10/21 7:15 p.m.16 views

CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...

8.8CVSS7AI score
Exploits0References2
Prion
Prion
added 2020/10/21 7:15 p.m.18 views

Authentication flaw

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...

9CVSS8.8AI score0.02394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/21 6:13 p.m.29 views

CVE-2018-11764

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...

8.9AI score0.02394EPSS
Exploits0References2
CVE
CVE
added 2020/10/21 6:13 p.m.89 views

CVE-2018-11764

CVE-2018-11764 concerns Hadoop where the web endpoint authentication check is broken. The vulnerability affects Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0, enabling an authenticated user to impersonate any user even without a configured proxy user. The root cause is a flawed authenticatio...

9CVSS8.7AI score0.02394EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/10/21 3:25 p.m.31 views

CVE-2018-11764

A flaw was found in Apache Hadoop, where the Web endpoint authentication check is broken. This flaw allows authenticated users to impersonate any user even if no proxy user is configured...

9CVSS3.2AI score0.02394EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/09/23 12:0 a.m.5 views

PT-2020-15511 · Jenkins · Jenkins Implied Labels Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Implied Labels Plugin versions 0.6 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. This is resolved in version 0.7...

4.3CVSS4.4AI score0.00656EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/09/23 12:0 a.m.9 views

PT-2020-15515 · Jenkins · Jenkins Liquibase Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.7 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...

4.3CVSS4.3AI score0.00691EPSS
Exploits0References7
CNVD
CNVD
added 2020/09/17 12:0 a.m.2 views

CloudBees Jenkins Health Advisor by CloudBees Privilege Control Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A security vulnerability exis...

4.3CVSS6.8AI score0.00691EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/08/20 9:30 p.m.67 views

Wonitor - Fast, Zero Config Web Endpoint Change Monitor

fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response body is stored on a local key/value store file. no configuration needed. to increase network throughput, a --worker flag allows to set the concurrency when monitoring...

7.1AI score
Exploits0References2
OSV
OSV
added 2020/06/03 6:15 p.m.3 views

CVE-2020-3224

A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The...

8.8CVSS7.3AI score0.01812EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/02 12:0 a.m.4 views

Atlassian Fisheye and Crucible Information Disclosure Vulnerability (CNVD-2020-38890)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. An information disclosure vulnerability exists in /json/fe/activeUserFinder.do in Altassian Fisheye a...

4.3CVSS6.4AI score0.0096EPSS
Exploits0References1
OSV
OSV
added 2019/09/10 5:15 p.m.5 views

CVE-2019-0363

Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services Advanced model, before version 1.0.118, to overload the server or retrieve information about internal network ports...

7.1CVSS5.8AI score0.00897EPSS
Exploits0References2
Rows per page
Query Builder