1094 matches found

Wolfi
added 2023/11/18 12:30 a.m. | 37 views

GHSA-3F2Q-6294-FMQ5 vulnerabilities

Vulnerabilities for packages: melange, snyk-cli, task, argo-events, pulumi-kubernetes-operator, argo-workflows, flux-notification-controller...

AI score: 5.8
Exploits: 0

Wolfi
added 2023/11/18 12:15 a.m. | 586 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, snyk-cli, task, argo-events, pulumi-kubernetes-operator, argo-workflows, flux-notification-controller...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.0085
Exploits: 1

Chainguard
added 2023/11/18 12:15 a.m. | 53 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: task, pulumi-kubernetes-operator, melange, snyk-cli, flux-notification-controller, argo-workflows, argo-events, argo-events-fips...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.0085
Exploits: 1

Hacker One
added 2023/11/09 9:40 p.m. | 25 views

U.S. Dept Of Defense: Unauthorized access to Argo dashboard on █████

The Argo deployment on █████ was found to be vulnerable to unauthorized access, allowing manipulation of workflows and sensors. This could lead to compromise of sensitive data. Urgent mitigation is advised...

AI score: 6.9
Exploits: 0

CNNVD
added 2023/10/14 12:0 a.m. | 3 views

Apache Airflow Security Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.01433
Exploits: 0 | References: 4

CNNVD
added 2023/10/14 12:0 a.m. | 5 views

Apache Airflow Information Disclosure Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring, among other characteristics. Apache Airflow has an information disclosure vulnerability that can be exploited by...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.01071
Exploits: 0 | References: 3

OSV
added 2023/09/20 8:15 p.m. | 3 views

CVE-2023-38718

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00419
Exploits: 0 | References: 2

Cvelist
added 2023/09/20 7:12 p.m. | 16 views

CVE-2023-38718 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606...

CVSS: 3.7 | AI score: 5.1 | EPSS: 0.00419
Exploits: 0 | References: 2

CNNVD
added 2023/09/20 12:0 a.m. | 3 views

IBM Robotic Process Automation Security Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA. An information disclosure vulnerability exists in IBM Robotic Process...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00419
Exploits: 0 | References: 3

Positive Technologies
added 2023/09/20 12:0 a.m. | 4 views

PT-2023-5433 · IBM · IBM Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.8.
Description: The issue is related to a lack of protection for service data in IBM Robotic Process Automation, which could allow a remote attacker to disclose sensitive informatio...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00419
Exploits: 0 | References: 7

Qualys Blog
added 2023/09/18 3:17 p.m. | 13 views

Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management

GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability...

AI score: 7
Exploits: 0

OSV
added 2023/07/26 8:15 a.m. | 4 views

CVE-2023-38647

An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01515
Exploits: 0 | References: 1

Tenable Nessus
added 2023/06/16 12:0 a.m. | 48 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:
- Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

CVSS: 8.1 | AI score: 6.2 | EPSS: 0.0083
Exploits: 0 | References: 11

OSV
added 2023/06/14 3:30 p.m. | 13 views

GHSA-62V2-XWH3-5GVX Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

CVSS: 8 | AI score: 5.4 | EPSS: 0.00752
Exploits: 0 | References: 3

Github Security Blog
added 2023/06/14 3:30 p.m. | 14 views

Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00752
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2023/06/14 1:15 p.m. | 11 views

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00752
Exploits: 0 | References: 2

OSV
added 2023/06/14 1:15 p.m. | 5 views

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00752
Exploits: 0 | References: 2

Vulnrichment
added 2023/06/14 12:53 p.m. | 17 views

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

AI score: 5.3 | EPSS: 0.00752
Exploits: 0 | References: 2

Cvelist
added 2023/06/14 12:53 p.m. | 23 views

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

AI score: 5.7 | EPSS: 0.00752
Exploits: 0 | References: 2

CVE
added 2023/06/14 12:53 p.m. | 59 views

CVE-2023-35146

CVE-2023-35146 affects the Jenkins Template Workflows Plugin versions 41.v32d86a_313b_4a and earlier. The root cause is that the plugin does not escape names of jobs used as building blocks for Template Workflow Jobs, leading to stored cross-site scripting (XSS) exploitable by attackers who can c...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00752
Exploits: 0 | References: 2 | Affected Software: 1