3496 matches found
Malicious code in jotform-webhook-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 79c05d67fd61e4cb82e93b3c98181d7cc58e89c7dab47e8aab381f60211ef6db The OpenSSF Package Analysis project identified 'jotform-webhook-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
MAL-2023-8438 Malicious code in jotform-webhook-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 79c05d67fd61e4cb82e93b3c98181d7cc58e89c7dab47e8aab381f60211ef6db The OpenSSF Package Analysis project identified 'jotform-webhook-test' @ 1.0.0 npm as malicious. It is considered malicious because: - The packa...
Cve-Collector - Simple Latest CVE Collector
Simple Latest CVE Collector Written in Python. There are various methods for collecting the latest CVE (Common Vulnerabilities and Exposures) information. This code was created to provide guidance on how to collect, what information to include, and how to code when creating a CVE collector. The code...
The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin, related to the disclosure of information, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins Multibranch Scan Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin, related to the disclosure of information, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Jenkins MSTeams Webhook Trigger Plugin is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 16, 2023 to October 22, 2023)
Last week, there were 109 vulnerabilities disclosed in 95 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 39 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
GHSA-8859-V9JP-CPHF Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication o...
GHSA-2XPQ-5952-38W3 Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this...
GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...
GHSA-885R-HHPR-CC9P Jenkins Gogs Plugin uses non-constant time webhook token comparison
Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is n...
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Jenkins Gogs Plugin 1.0.15 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is n...
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication o...
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this...
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...