12 matches found

EUVD · added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-48742

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00337 · Exploits 3 · References 1
OSV · added 2024/02/17 5:15 a.m. · 1 views

CVE-2024-21494

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module /whoami API endpoint. This could lead to...

CVSS 5.4 · AI score 5.8 · EPSS 0.00027 · Exploits 0 · References 3
Snyk · added 2023/09/18 1:49 p.m. · 2 views

Authentication Bypass by Spoofing

Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user...

CVSS 5.4 · AI score 6.8 · EPSS 0.00027 · Exploits 0 · References 2
OSV · added 2022/12/25 5:15 a.m. · 2 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

CVSS 6.5 · AI score 5.8 · EPSS 0.00337 · Exploits 3 · References 1
NVD · added 2022/12/25 5:15 a.m. · 12 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

CVSS 6.5 · EPSS 0.00337 · Exploits 3 · References 1
Prion · added 2022/12/25 5:15 a.m. · 15 views

Path traversal

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

CVSS 4 · AI score 6.5 · EPSS 0.00337 · Exploits 3 · References 1 · Affected Software 1
CVE · added 2022/12/25 12:00 a.m. · 71 views

CVE-2022-45895

Planet eStream exposes sensitive information in versions prior to 6.72.10.07 due to issues involving the ON cookie (findable in Default.aspx HTML source) and the WhoAmI endpoint (path disclosure). The CVE-2022-45895 entry consolidates this information as a user-notification-style vulnerability wi...

CVSS 6.5 · AI score 7.1 · EPSS 0.00337 · Exploits 3 · References 1 · Affected Software 1
Vulnrichment · added 2022/12/25 12:00 a.m. · 4 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

AI score 6.5 · EPSS 0.00337 · Exploits 3 · References 1
Cvelist · added 2022/12/25 12:00 a.m. · 16 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

AI score 6.7 · EPSS 0.00337 · Exploits 3 · References 1
OSV · added 2022/05/24 10:00 p.m. · 0 views

GHSA-47WC-P5CP-W7PW Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 4.3 · AI score 6.1 · EPSS 0.82266 · Exploits 0 · References 4
RedHat Linux · added 2020/01/14 5:32 a.m. · 0 views

jenkins: Diagnostic web page exposed Cookie HTTP header

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly...

CVSS 5.4 · AI score 5.9 · EPSS 0.82266 · Exploits 0 · References 4
Positive Technologies · added 2019/09/25 12:00 a.m. · 2 views

PT-2019-11799 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier. Description: The issue allows attackers to obtain the HTTP session cookie, despite it being marked HttpOnly, by exploiting another XSS vulnerability and accessing the /whoAm...

CVSS 5.4 · AI score 4.7 · EPSS 0.82266 · Exploits 0 · References 7