Lucene search

3496 matches found

Positive Technologies
added 2023/10/25 12:00 a.m. · 4 views

PT-2023-6545 · Jenkins · Jenkins Msteams Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier. Description: The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the...

CVSS 5.3 · AI score 5.1 · EPSS 0.00569
Exploits 0 · References 10

CNNVD
added 2023/10/25 12:00 a.m. · 2 views

Jenkins Plugin Multibranch Scan Webhook Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.3 · AI score 6.6 · EPSS 0.00557
Exploits 0 · References 3

Veracode
added 2023/10/23 3:45 a.m. · 18 views

Authentication Bypass

homeassistant is vulnerable to Authentication Bypass. The vulnerability is caused by an attacker triggering a webhook that is marked as only accessible from the local network, even when the attacker is not connected to the local network. The attacker could exploit this vulnerability by sending a...

CVSS 5.3 · AI score 7.1 · EPSS 0.00423
Exploits 0 · References 4 · Affected Software 1

Wordfence Blog
added 2023/10/19 3:52 p.m. · 110 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)

Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress Securi...

CVSS 7.5 · AI score 8.5 · EPSS 0.81695
Exploits 40

CNNVD
added 2023/10/19 12:00 a.m. · 2 views

Home Assistant Security Breach

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.0, which stems from a security flaw in the webhook component that allows an attacker to...

CVSS 5.3 · AI score 6.5 · EPSS 0.00423
Exploits 0 · References 4

Wordfence Blog
added 2023/10/05 3:10 p.m. · 83 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)

Last week, there were 90 vulnerabilities disclosed in 68 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

CVSS 6.8 · AI score 8.6 · EPSS 0.01429
Exploits 36

The Hacker News
added 2023/10/04 10:18 a.m. · 43 views

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through an SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target's environment," security researchers...

AI score 8.2
Exploits 0

Wordfence Blog
added 2023/09/28 1:18 p.m. · 58 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

CVSS 5.8 · AI score 6.9 · EPSS 0.01219
Exploits 11

Prion
added 2023/09/27 3:18 p.m. · 15 views

Design/Logic Flaw

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 5.2 · AI score 8.9 · EPSS 0.0046
Exploits 1 · References 2 · Affected Software 1

Github Security Blog
added 2023/09/27 12:35 a.m. · 29 views

Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy

Impact: An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted endpointSelector that uses the DoesNotExist operato...

CVSS 8.1 · AI score 7.7 · EPSS 0.00408
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/09/27 12:35 a.m. · 15 views

GHSA-4XP2-W642-7MCX Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy

Impact: An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted endpointSelector that uses the DoesNotExist operato...

CVSS 6.9 · AI score 7.2 · EPSS 0.00408
Exploits 0 · References 5

Vulnrichment
added 2023/09/26 8:19 p.m. · 16 views

CVE-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

CVSS 6.9 · AI score 6.7 · EPSS 0.00408
Exploits 0 · References 3

Cvelist
added 2023/09/26 8:19 p.m. · 33 views

CVE-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

CVSS 6.9 · AI score 8.1 · EPSS 0.00408
Exploits 0 · References 3

OSV
added 2023/09/26 8:19 p.m. · 25 views

CVE-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

CVSS 6.9 · AI score 7.6 · EPSS 0.00408
Exploits 0 · References 5

Cvelist
added 2023/09/26 6:30 p.m. · 34 views

CVE-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 7.6 · AI score 9.2 · EPSS 0.0046
Exploits 1 · References 2

Vulnrichment
added 2023/09/26 6:30 p.m. · 12 views

CVE-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 7.6 · AI score 6.7 · EPSS 0.0046
Exploits 1 · References 2

OSV
added 2023/09/26 6:30 p.m. · 32 views

CVE-2023-39347 Cilium NetworkPolicy bypass via pod labels

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

CVSS 7.6 · AI score 8.8 · EPSS 0.0046
Exploits 1 · References 4

OSV
added 2023/09/26 6:00 p.m. · 22 views

GHSA-GJ2R-PHWG-6RWW Kubernetes users may update Pod labels to bypass network policy

Impact: An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect:...

CVSS 5.4 · AI score 8.3 · EPSS 0.0046
Exploits 1 · References 4

Wordfence Blog
added 2023/09/21 1:51 p.m. · 57 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

CVSS 6.8 · AI score 8.7 · EPSS 0.06838
Exploits 16

Veracode
added 2023/09/08 11:53 a.m. · 15 views

Server Side Request Forgery (SSRF)

WireMock is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by a failure in filtering target addresses during Webhook proxying even when the allowed address rules and denied address rules are configured, regardless of the limitProxyTargets settings. This can lead to...

CVSS 5.4 · AI score 6.9 · EPSS 0.00421
Exploits 0 · References 7 · Affected Software 1