76 matches found
CVE-2022-43412
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2022-43411
CVE-2022-43411 affects Jenkins GitLab Plugin (versions ≤ 1.5.35). The webhook token check uses a non-constant-time comparison, enabling potential timing-based…statistical attacks to deduce a valid token. The issue is fixed in GitLab Plugin 1.5.36, which adopts a constant-time comparison. Other co...
PT-2022-26896 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.35 and earlier Description: The issue is related to a non-constant time comparison function used when checking the equality of provided and expected webhook tokens. This potentially allows attackers to use...
CVE-2022-34802
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34802
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
PT-2022-22354 · Jenkins · Jenkins Rocketchat Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.5.2 and earlier Description: The issue concerns the storage of sensitive information in the global configuration file on the Jenkins controller. Specifically, the login password and webhook token...
CVE-2021-41111 Authorization Bypass Through User-Controlled Key in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to versions 3.4.5 and 3.3.15, an authenticated user with authorization to read webhooks in one project can craft a request to reveal Webhook definitions and tokens in another project. The user...
Rundeck 安全漏洞
Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions prior to 3.4.5 and 3.3.15, which stems from the fact that an...
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
Code injection
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
CVE-2021-39898
CVE-2021-39898 affects GitLab CE/EE, defined as: since version 10.6, a project export leaks the external webhook token value, potentially allowing access to the project from which it was exported. The issue is documented across multiple feeds (NVD, OSV, CVE lists, Nessus/NASIL notes) with consist...
PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...
GitLab Information Disclosure Vulnerability (CNVD-2021-91179)
GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...
PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...
Red Hat OpenShift Enterprise cluster-reader information disclosure vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications.OpenShift Enterprise is an open source version of the private cloud. cluster-reader is a cluster-reader component. A security vulnerability exists in th...