223 matches found
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.319.2 or Jenkins weekly prior to 2.330. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery CSRF vulnerability in Jenkins 2.329 a...
Jenkins Metrics Plugin Licensing Issue Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypt...
GHSA-GG9M-X3CG-69VH Access key stored in plain text by Jenkins Metrics Plugin
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file jenkins.metrics.api.MetricsAccessKey.xml on the Jenkins controller as part of its configuration. This access key can be viewed by users with access to the Jenkins controller file system...
Access key stored in plain text by Jenkins Metrics Plugin
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file jenkins.metrics.api.MetricsAccessKey.xml on the Jenkins controller as part of its configuration. This access key can be viewed by users with access to the Jenkins controller file system...
CVE-2022-20621
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-20621
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-20621
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-20621
CVE-2022-20621 affects Jenkins Metrics Plugin, where versions 4.0.2.8 and earlier store an access key unencrypted in the plugin’s global configuration on the Jenkins controller. This plaintext key can be viewed by users with filesystem access to the Jenkins controller, creating a confidentiality ...
CVE-2022-20621
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit...
PortlandLabs Concrete Cms 代码问题漏洞
PortlandLabs Concrete Cms is an open source team-oriented content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS is vulnerable to a code issue that could be exploited by attackers to obtain a Cloud IAAS AWS IAM key...
Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
The majority of the AJAX actions related to the Asset Manager use the same nonce action ie the NONCEKEY constant, and are lacking any authorisation checks. Given that the nonce is available in other pages, accessible by low priviledge users such as author, or even subscribers depending on the...
Revive Adserver: Reflected XSS on /admin/stats.php
I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.0. - Go to...
ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
Amino Communications 多款产品信任管理问题漏洞
The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a root user hard-coded SSH key that can be exploited by an attacker to...
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
Privilege escalation
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
CVE-2020-27781
CVE-2020-27781 affects Ceph and specifically allows privilege escalation via Native CephFS consumers of OpenStack Manila. An OpenStack Manila user can request access to a share for an arbitrary cephx user; the interface drivers reveal the access key, enabling all users in the requesting project t...