Jenkins GitHub Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Git Plugin Access Control Error Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. An Access Control Error...
PT-2022-4030 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Plugin versions 1.34.4 and earlier Description: The issue is related to the disclosure of information through inconsistency. It allows a remote attacker to gain unauthorized access to protected information. The problem lies in...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret and then forge webhook events...
Stored Cross-site Scripting (XSS) leads to Account Takeover
🔒️ Requirements: Be able to edit or create documents; a user must click on the link. 📝 Description: The markdown's link creation feature does not properly sanitize URL input, which allows the error event to be used to execute JavaScript. Furthermore, due to the lack of an HttpOnly flag on the session cookie, it i...
Jenkins RocketChat Notifier Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
Cross-site Scripting in Jenkins GitLab Plugin
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. GitLab Plugin 1.5.35 does not show user-provide...
CVE-2022-34802
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34777
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Plugin GitLab Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exis...
PT-2022-22328 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.34 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape multiple fields inserted into the description of...
PT-2022-22354 · Jenkins · Jenkins Rocketchat Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.5.2 and earlier Description: The issue concerns the storage of sensitive information in the global configuration file on the Jenkins controller. Specifically, the login password and webhook token...
MAL-2022-6708 Malicious code in twitter-webhook-boilerplate-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4c54edfa90310f933c9c48f23b3e0d63b678c99863e73ed61a71cfbc0cea32e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in twitter-webhook-boilerplate-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d4c54edfa90310f933c9c48f23b3e0d63b678c99863e73ed61a71cfbc0cea32e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in webhook-provisioner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 697ea38acf4a193645bda704d70e5d5e598227df1456666b6997d1c09ffcbacd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7096 Malicious code in webhook-provisioner (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 697ea38acf4a193645bda704d70e5d5e598227df1456666b6997d1c09ffcbacd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...