com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2018-1000866 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2018-1000866 Source advisory: OSV:GHSA-GQHM-4H93-R...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +87 more potentially affected by CVE-2017-1000096 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.36)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2017-1000096 Source advisory: OSV:GHSA-MHWQ-4MH7-F...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.mig82:folder-properties (>=57.vde5161ec7a_b_a_ <=61.vc6d404b_75d60) +55 more potentially affected by CVE-2018-1000015 via org.jenkins-ci.plugins.workflow:workflow-durable-task-step (>=0.1-beta-1 <=2.14)

org.jenkins-ci.plugins.workflow:workflow-durable-task-step MAVEN version =0.1-beta-1, =1.9.2-beta, =57.vde5161ec7aba, =1.3.0, =1.1.0.825.v30618768da42, =1.0-alpha-2, =1.27.17, =1.0-alpha-2, =1.0-alpha-2, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.2.0, =1.0-alpha-2, =28.v4f731c96b5f9,...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2019-1003041 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2019-1003041 Source advisory: OSV:GHSA-X74X-QF5J-3...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2019-1003030 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.6)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2019-1003030 Source advisory: OSV:GHSA-R6MC-MRVR-2...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2021-44531 DESCRIPTION: Node.js cou...

Privilege Escalation

github.com/argoproj/argo-workflows is vulnerable to privilege escalation. An attacker can create a workflow through the newHTTPServer function of argoserver.go that produces an HTML artifact and makes XRL calls to the Argo Server API by using a script, allowing the attacker to send malicious emai...

CVE-2022-29164

Affected software: Argo Workflows (Kubernetes) Vulnerability summary: An attacker can craft a HTML artifact in a workflow that contains a script using XHR to interact with the Argo Server API. The attacker emails a link to the deep-link artifact; when opened by a victim, the script executes with ...

CVE-2022-29173

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

Code injection

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

CVE-2022-29173

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

Security Bulletin: Cross-site scripting vulnerabilities in jQuery may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-11022, CVE-2020-11023

Summary A copy of the open source library jQuery is shipped as part of the swagger-ui in IBM Business Process Manager and IBM Business Automation Workflow. Cross-Site scripting vulnerabilities have been reported for this library. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is...

Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023

Summary Cross Site Scripting vulnerabilities in jQuery might affect Process Portal in IBM Business Automation Workflow and IBM Business Process Manager BPM. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-0155, CVE-2022-0536, CVE-2021-3749

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...

nuclei-templates

This repository is a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves/ directory and are used by the nuclei scanner to identify potential vulnerabilities. The repository also contains workflows f...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-29047 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.2)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-29047 Source advisory: OSV:GHSA-HH6F-6FP5-GFPV...

Security Bulletin: Vulnerabilities (CVE-2021-39038, CVE-2021-23450) in IBM WebSphere Application Server may impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology

Summary IBM Engineering Lifecycle Management ELM products based on IBM Jazz technology may integrate with IBM WebSphere Application Server WAS. Please review the following WAS Bulletins CVE-2021-39038, CVE-2021-23450 and take corrective actions. Vulnerability Details Refer to the security bulleti...

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary The Lucene library used in IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details Third Party Entry: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular...

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38893

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details CVEID: CVE-2021-38966 DESCRIPTION: IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed...

Apache DolphinScheduler Denial of Service Vulnerability

Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is a denial-of-service vulnerability in versions prior to Apache DolphinScheduler 2.0.5, which stems from a user registration interface that does not properly handle incoming...