Apache Airflow contains open redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...
CVE-2022-41228
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...
CVE-2022-41227
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials...
Design/Logic Flaw
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials...
CVE-2022-40754
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
PYSEC-2022-280
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
Open redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
CVE-2022-40754 Open Redirect
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint...
CVE-2022-40754
Summary: CVE-2022-40754 affects Apache Airflow 2.3.0–2.3.4, describing an open redirect in the webserver’s /confirm endpoint. The root cause is an open redirect vulnerability that could enable attackers to lead users to a malicious site via an apparently legitimate URL. No exploitation details or...
PT-2022-25514 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.3.0 through 2.3.4 Description: The issue is related to an open redirect in the webserver's "/confirm" endpoint. This endpoint is vulnerable to open redirect attacks. Recommendations: For Apache Airflow versions 2.3.0...
PT-2022-25743 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using...
CVE-2022-1368
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...