Lucene search
K

95 matches found

Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.3 views

PT-2024-35422 · Jenkins · Jenkins Report Info Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Report Info Plugin versions 1.2 and earlier Description: The issue arises from the lack of path validation of the workspace directory while serving report files, leading to a path traversal vulnerability. This allows attackers with...

4.3CVSS6.3AI score0.00831EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.3 views

MeterSphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.14-lts, which stems from an unauthorized member being able to overstep their rights to view member information in other workspaces...

6.5CVSS6.5AI score0.00532EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/03/07 11:11 a.m.26 views

Human vs. Non-Human Identity in SaaS

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity dormant, active, hyperactive, thei...

6.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/25 5:4 p.m.19 views

CVE-2024-0435 User can submit message to self-XSS

User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...

8.1CVSS6.1AI score0.00473EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/06/24 1:47 a.m.4 views

SUSE CVE-2023-3114

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...

7.7CVSS6.7AI score0.0042EPSS
Exploits0References3
OSV
OSV
added 2023/06/22 10:15 p.m.4 views

CVE-2023-3114

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...

7.7CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2023/06/22 9:59 p.m.24 views

CVE-2023-3114 Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...

5CVSS7.5AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2023/06/08 8:15 p.m.37 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

8.8CVSS8.7AI score0.14197EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2023/05/05 12:0 a.m.10 views

Visual Studio Code Server Files Detected

Visual Studio Code is a popular source-code editor provided by Microsoft, with extensions offering a variety of extra functionality including remote workspace access via ssh. Use of this remote workflow creates a hidden directory named .vscode-server on the remote server which may be exposed with...

7.5AI score
Exploits0References1
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.4 views

MeterSphere 安全漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. MeterSphere version 2.9.0 before the security vulnerability , the vulnerability stems from allowing the administrator of a project to modify other projects under the workspace...

6.8CVSS5.1AI score0.0067EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.2 views

PT-2022-4060 · Vmware · Vmware Vrealize Automation +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to insufficient access control in the administration platform of VMware Workspace ONE Access, VMware...

7.8CVSS8.4AI score0.00337EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/07/27 3:15 p.m.6 views

CVE-2022-36915

Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

4.3CVSS5.8AI score0.00569EPSS
Exploits0References3
OSV
OSV
added 2022/07/27 3:15 p.m.5 views

CVE-2022-36892

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...

4.3CVSS5.8AI score0.00569EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.21 views

Jenkins Android Signing Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.2AI score0.00569EPSS
Exploits0References5
Citrix
Citrix
added 2020/10/27 12:0 a.m.9 views

Unable to limit visibility of applications to specific user groups

Previously able to restrict apps visibility to specific users or user groups using the 'Limit Visibility' option through the app properties. Now all company's users can see all apps when logging to the Cloud Workspace...

7.1AI score
Exploits0
Rows per page
Query Builder