Directus 信息泄露漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. An information disclosure vulnerability exists in Directus versions prior to 9.12.0 through 11.5.0, which stems from a Webhook trigger that could lead to the disclosure of...

The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin, related to the disclosure of information, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin, related to the disclosure of information, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

GHSA-2XPQ-5952-38W3 Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this...

CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2023-46658

CVE-2023-46658 affects Jenkins MSTeams Webhook Trigger Plugin (versions 0.1.1 and earlier). The root cause is a non-constant time comparison when verifying the webhook token, which could enable attackers to use statistical methods to deduce a valid token. Public references (GHSA/NVD) describe the...

CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2023-46656

CVE-2023-46656 affects Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier. The root cause is a non-constant time comparison when verifying the webhook token, which can enable attackers to use statistical methods to determine a valid token. Public references (including Red ...

Jenkins Plugin Multibranch Scan Webhook Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin MSTeams Webhook Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2023-6545 · Jenkins · Jenkins Msteams Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier Description: The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the...

Jenkins Generic Webhook Trigger Plugin External Entity Injection (CVE-2021-21669)

An XXE vulnerability exists in Jenkins Generic Webhook Trigger Plugin. The vulnerability is due to insufficient validation of input parameters. Successful exploitation could lead to the disclosure of file contents for any file readable by Jenkins...

Jenkins Plugin Generic Webhook Trigger 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2022-43412

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2022-43412

CVE-2022-43412 affects Jenkins Generic Webhook Trigger Plugin (versions 1.84.1 and earlier). The vulnerability stems from a non-constant time comparison when validating the provided webhook token against the expected token, which could enable attackers to infer a valid token via statistical metho...

GHSA-732F-W585-GMPC XXE vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...

XXE vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...

Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-25185

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Cross site scripting

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...