Lucene search
K

76 matches found

Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.7 views

CVE-2022-43412

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.9AI score0.00501EPSS
Exploits0References2
CVE
CVE
added 2022/10/19 12:0 a.m.96 views

CVE-2022-43411

CVE-2022-43411 affects Jenkins GitLab Plugin (versions ≤ 1.5.35). The webhook token check uses a non-constant-time comparison, enabling potential timing-based…statistical attacks to deduce a valid token. The issue is fixed in GitLab Plugin 1.5.36, which adopts a constant-time comparison. Other co...

5.3CVSS5AI score0.00655EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.4 views

PT-2022-26896 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.35 and earlier Description: The issue is related to a non-constant time comparison function used when checking the equality of provided and expected webhook tokens. This potentially allows attackers to use...

5.3CVSS4.8AI score0.00655EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/06/30 6:15 p.m.2 views

CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

4.3CVSS5.9AI score0.00701EPSS
Exploits0References2
OSV
OSV
added 2022/06/30 6:15 p.m.15 views

CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

4.3CVSS4.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.2 views

PT-2022-22354 · Jenkins · Jenkins Rocketchat Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.5.2 and earlier Description: The issue concerns the storage of sensitive information in the global configuration file on the Jenkins controller. Specifically, the login password and webhook token...

4.3CVSS4.3AI score0.00701EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/02/28 7:15 p.m.8 views

CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...

6.4CVSS6.3AI score0.00546EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.4 views

Rundeck 安全漏洞

Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions prior to 3.4.5 and 3.3.15, which stems from the fact that an...

6.4CVSS5.8AI score0.00546EPSS
Exploits0References5
NVD
NVD
added 2021/11/05 12:15 a.m.13 views

CVE-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

5.3CVSS0.01245EPSS
Exploits0References3
OSV
OSV
added 2021/11/05 12:15 a.m.16 views

CVE-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

5.3CVSS6.5AI score0.01245EPSS
Exploits0References3
Prion
Prion
added 2021/11/05 12:15 a.m.13 views

Code injection

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

5CVSS5.1AI score0.01245EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/11/04 11:21 p.m.68 views

CVE-2021-39898

CVE-2021-39898 affects GitLab CE/EE, defined as: since version 10.6, a project export leaks the external webhook token value, potentially allowing access to the project from which it was exported. The issue is documented across multiple feeds (NVD, OSV, CVE lists, Nessus/NASIL notes) with consist...

5.3CVSS5.1AI score0.01245EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.7 views

PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...

5.3CVSS4.8AI score0.01245EPSS
Exploits0References11
CNVD
CNVD
added 2021/11/01 12:0 a.m.19 views

GitLab Information Disclosure Vulnerability (CNVD-2021-91179)

GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...

5.3CVSS1.9AI score0.01245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.6 views

PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...

6.5CVSS6.3AI score0.00927EPSS
Exploits0References5
CNVD
CNVD
added 2018/08/27 12:0 a.m.2 views

Red Hat OpenShift Enterprise cluster-reader information disclosure vulnerability

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. cluster-reader is a cluster-reader component. A security vulnerability exists in th...

5CVSS5.1AI score0.00895EPSS
Exploits0References1
Rows per page
Query Builder