95 matches found
PT-2024-35422 · Jenkins · Jenkins Report Info Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Report Info Plugin versions 1.2 and earlier Description: The issue arises from the lack of path validation of the workspace directory while serving report files, leading to a path traversal vulnerability. This allows attackers with...
MeterSphere 安全漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.14-lts, which stems from an unauthorized member being able to overstep their rights to view member information in other workspaces...
Human vs. Non-Human Identity in SaaS
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity dormant, active, hyperactive, thei...
CVE-2024-0435 User can submit message to self-XSS
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS rende...
SUSE CVE-2023-3114
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...
CVE-2023-3114
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...
CVE-2023-3114 Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the sa...
CVE-2023-32749
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...
Visual Studio Code Server Files Detected
Visual Studio Code is a popular source-code editor provided by Microsoft, with extensions offering a variety of extra functionality including remote workspace access via ssh. Use of this remote workflow creates a hidden directory named .vscode-server on the remote server which may be exposed with...
MeterSphere 安全漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. MeterSphere version 2.9.0 before the security vulnerability , the vulnerability stems from allowing the administrator of a project to modify other projects under the workspace...
PT-2022-4060 · Vmware · Vmware Vrealize Automation +2
Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to insufficient access control in the administration platform of VMware Workspace ONE Access, VMware...
CVE-2022-36915
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
CVE-2022-36892
Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace...
Jenkins Android Signing Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Unable to limit visibility of applications to specific user groups
Previously able to restrict apps visibility to specific users or user groups using the 'Limit Visibility' option through the app properties. Now all company's users can see all apps when logging to the Cloud Workspace...