5318 matches found
CVE-2024-1342
...
CVE-2024-1342
...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in F5 BIG-IP that stems from undisclosed traffic that could cause the Traffic Management Microkernel (TMM) proce...
jenkins: cross-site WebSocket hijacking
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
jenkins: cross-site WebSocket hijacking
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
Important: Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
jenkins: cross-site WebSocket hijacking
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-1.fc38
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-1.fc39
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
The vulnerability of the WebSocket component in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console (CMC) – a centralized security management tool – allows attackers to influence the confidentiality of the protected information.
The vulnerability of the WebSocket component in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console (CMC), relates to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker to influence the...
Cross-Site WebSocket Hijacking (CSWSH)
jenkins-core is vulnerable to Cross-Site Scripting. The vulnerability is due to improper origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller...
CVE-2024-23898
A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint...
FreeBSD : jenkins -- multiple vulnerabilities (8b03d274-56ca-489e-821a-cf32f07643f0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8b03d274-56ca-489e-821a-cf32f07643f0 advisory. - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI...
GHSA-53PH-2R2X-VQW8 Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Since Jenkins 2.217 and LTS 2.222.1, one of the ways to communicate with the CLI is through a WebSocket endpoint. This endpoint relies on the default Jenkins web request authentication...
Cross-site WebSocket hijacking vulnerability in the Jenkins CLI
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Since Jenkins 2.217 and LTS 2.222.1, one of the ways to communicate with the CLI is through a WebSocket endpoint. This endpoint relies on the default Jenkins web request authentication...
CVE-2024-23898
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenki...
CVE-2024-23898
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenki...
CVE-2024-23898
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenki...
Cross site scripting
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenki...