Lucene search
K

424 matches found

Atlassian
Atlassian
added 2023/06/02 10:22 a.m.28 views

Granting the 'Administer Projects' permission to a 'Custom Field' within a permission scheme allows all users to see the Project Settings

h3. Issue Summary This is reproducible on Data Center: yes Granting the Administer Projects permission to a User custom field value results in users having access to the Project Settings area even when the field is not populated. h3. Steps to Reproduce Create a new project with sample data Create...

6.7AI score
Exploits0Affected Software1
OSV
OSV
added 2023/05/31 1:14 p.m.4 views

DRUPAL-CONTRIB-2023-016

The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...

5.9AI score
Exploits0References1
Drupal
Drupal
added 2023/05/31 12:0 a.m.19 views

Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016

The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...

5.8AI score
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/05/02 12:0 a.m.6 views

The vulnerability of the Administer Workforce component of the PeopleSoft Enterprise HCM Human Resources platform allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Administer Workforce component of the PeopleSoft Enterprise HCM Human Resources platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.5CVSS6.6AI score0.00408EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/04/18 8:15 p.m.4 views

CVE-2023-21992

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Administer Workforce. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

5.4CVSS6.7AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.4 views

SUSE CVE-2013-4138

Cross-site scripting XSS vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors...

2.1CVSS5.8AI score0.00931EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.5 views

SUSE CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

3.5CVSS6.1AI score0.01425EPSS
Exploits0References3
OSV
OSV
added 2023/01/11 5:15 p.m.4 views

DRUPAL-CONTRIB-2023-001

This module enables users to create 'private' vocabularies. The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View...

6.7AI score
Exploits0References1
Drupal
Drupal
added 2023/01/11 12:0 a.m.8 views

Private Taxonomy Terms - Moderately critical - Access bypass - SA-CONTRIB-2023-001

This module enables users to create 'private' vocabularies. The module doesn't enforce permissions appropriately for the taxonomy overview page and overview form. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer own taxonomy" or "View...

5.6AI score
Exploits0References7
NVD
NVD
added 2022/11/15 8:15 p.m.32 views

CVE-2022-45383

An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fabd860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission...

6.5CVSS0.00649EPSS
Exploits0References2
OSV
OSV
added 2022/09/22 12:0 a.m.28 views

GHSA-JJCH-7G85-4M72 Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

4.3CVSS8.6AI score0.00462EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.32 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer...

8.8CVSS8.2AI score0.00462EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/22 12:0 a.m.36 views

Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and...

8.8CVSS8.2AI score0.00827EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.6 views

PT-2022-25742 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.129 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified webserver using attacker-specified...

8.8CVSS8.6AI score0.00462EPSS
Exploits0References7
Drupal
Drupal
added 2022/07/27 12:0 a.m.7 views

Context - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-049

This module enables you to conditionally display blocks in particular theme regions. The module doesn't sufficiently sanitize the title of a block as displayed in the admin UI when a site administrator edits a context block reaction. This vulnerability is mitigated by the fact that an attacker mu...

5.5AI score
Exploits0References8
OSV
OSV
added 2022/07/01 12:1 a.m.23 views

GHSA-2588-CX6W-6VM6 Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.4CVSS6.5AI score0.00647EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/07/01 12:1 a.m.47 views

Incorrect Authorization in Jenkins requests-plugin

An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...

4.3CVSS4.7AI score0.00516EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:6 p.m.22 views

Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests

Jenkins requests-plugin Plugin 2.2.6 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to view the list of pending requests. Jenkins requests-plugin Plugin 2.2.7 requires Overall/Administer permission to view the list of pendin...

4.3CVSS4.8AI score0.0097EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 7:6 p.m.15 views

GHSA-W3GM-VV58-WR55 Missing permission check in Jenkins requests-plugin Plugin allows sending emails

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address. Jenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to...

4.3CVSS4.4AI score0.01391EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 7:6 p.m.20 views

Missing permission check in Jenkins requests-plugin Plugin allows sending emails

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to send test emails to an attacker-specified email address. Jenkins requests-plugin Plugin 2.2.8 requires Overall/Administer permission to...

4.3CVSS4.5AI score0.01391EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder