Lucene search
+L

223 matches found

Tenable Nessus
Tenable Nessus
added 2022/01/21 12:0 a.m.144 views

Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.319.2 or Jenkins weekly prior to 2.330. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery CSRF vulnerability in Jenkins 2.329 a...

9CVSS6.3AI score0.81842EPSS
Exploits0References25
CNVD
CNVD
added 2022/01/16 12:0 a.m.38 views

Jenkins Metrics Plugin Licensing Issue Vulnerability

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypt...

5.5CVSS2.4AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2022/01/13 12:0 a.m.40 views

GHSA-GG9M-X3CG-69VH Access key stored in plain text by Jenkins Metrics Plugin

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file jenkins.metrics.api.MetricsAccessKey.xml on the Jenkins controller as part of its configuration. This access key can be viewed by users with access to the Jenkins controller file system...

5.5CVSS5.6AI score0.00319EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/01/13 12:0 a.m.25 views

Access key stored in plain text by Jenkins Metrics Plugin

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file jenkins.metrics.api.MetricsAccessKey.xml on the Jenkins controller as part of its configuration. This access key can be viewed by users with access to the Jenkins controller file system...

5.5CVSS5.4AI score0.00319EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/01/12 8:15 p.m.12 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5CVSS0.00319EPSS
Exploits0References2
OSV
OSV
added 2022/01/12 8:15 p.m.23 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5CVSS5.4AI score
Exploits0References2
Prion
Prion
added 2022/01/12 8:15 p.m.17 views

Design/Logic Flaw

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

2.1CVSS5.3AI score0.00319EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/01/12 7:6 p.m.31 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

6AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2022/01/12 7:6 p.m.135 views

CVE-2022-20621

CVE-2022-20621 affects Jenkins Metrics Plugin, where versions 4.0.2.8 and earlier store an access key unencrypted in the plugin’s global configuration on the Jenkins controller. This plaintext key can be viewed by users with filesystem access to the Jenkins controller, creating a confidentiality ...

5.5CVSS5.2AI score0.00319EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/01/12 7:6 p.m.30 views

CVE-2022-20621

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

5.5CVSS4AI score0.00319EPSS
Exploits0References2
Kitploit
Kitploit
added 2021/12/04 8:30 p.m.45 views

IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit...

7.9AI score
Exploits0References13
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.19 views

PortlandLabs Concrete Cms 代码问题漏洞

PortlandLabs Concrete Cms is an open source team-oriented content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS is vulnerable to a code issue that could be exploited by attackers to obtain a Cloud IAAS AWS IAM key...

5.3CVSS5.7AI score0.00831EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2021/04/30 12:0 a.m.10 views

Download Manager < 3.1.23 - Unauthorised Asset Manager Usage

The majority of the AJAX actions related to the Asset Manager use the same nonce action ie the NONCEKEY constant, and are lacking any authorisation checks. Given that the nonce is available in other pages, accessible by low priviledge users such as author, or even subscribers depending on the...

7AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2021/01/21 5:33 p.m.99 views

Revive Adserver: Reflected XSS on /admin/stats.php

I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.0. - Go to...

4.3CVSS3.3AI score0.22064EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2021/01/12 2:58 p.m.2 views

ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References4
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.9 views

Amino Communications 多款产品信任管理问题漏洞

The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a root user hard-coded SSH key that can be exploited by an attacker to...

10CVSS5.8AI score0.01544EPSS
Exploits1References1
OSV
OSV
added 2020/12/18 9:15 p.m.33 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2020/12/18 9:15 p.m.23 views

Privilege escalation

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

3.6CVSS6.7AI score0.0031EPSS
Exploits0References4Affected Software5
Cvelist
Cvelist
added 2020/12/18 12:0 a.m.31 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

6.9AI score0.0031EPSS
Exploits0References4
CVE
CVE
added 2020/12/18 12:0 a.m.288 views

CVE-2020-27781

CVE-2020-27781 affects Ceph and specifically allows privilege escalation via Native CephFS consumers of OpenStack Manila. An OpenStack Manila user can request access to a share for an arbitrary cephx user; the interface drivers reveal the access key, enabling all users in the requesting project t...

7.1CVSS6.8AI score0.0031EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder