40 matches found
WordPress WP Nano AD plugin <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by siyuan shao in WordPress Plugin WP Nano AD versions = 1.31...
EUVD-2017-9695
Malware in sbrugna...
EUVD-2022-5435
Malicious code in bioql PyPI...
EUVD-2023-2522
Malicious code in bioql PyPI...
EUVD-2022-4336
Malicious code in bioql PyPI...
CVE-2023-41935
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2023-24426
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...
CVE-2020-2119
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10318
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system...
CVE-2017-18579
The corner-ad plugin before 1.0.8 for WordPress has XSS...
Cross site request forgery (csrf)
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2023-41935
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2023-41935
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2023-41935
The CVE concerns Jenkins Azure AD Plugin versions 396.v86ce29279947 and earlier (except 378.380.v545b_1154b_3fb_) using a non-constant time nonce comparison for CSRF protection, enabling statistical analysis to potentially obtain a valid nonce. This is the root cause: a non-constant time comparis...
CVE-2023-24426
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
Information disclosure
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
PT-2023-19586 · Jenkins · Jenkins Azure Ad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure AD Plugin versions 303.va 91ef20ee49f and earlier Description: The issue is related to the Jenkins Azure AD Plugin not invalidating the previous session on login. This could potentially allow unauthorized access. Recommendations...
CVE-2023-24426
Jenkins Azure AD Plugin 303.va91ef20ee49f and earlier does not invalidate the previous session on login...
CVE-2023-24426
The CVE-2023-24426 entry refers to Jenkins Azure AD Plugin (versions 303.va_91ef20ee49f and earlier) that does not invalidate an existing session on login. This behavior can allow an attacker with social engineering to gain administrator access to Jenkins, per Jenkins advisory notes. The issue is...