
941 matches found

NVD
added 2022/09/21 4:15 p.m. · 23 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3 CVSS · 0.00503 EPSS
Exploits 0 · References 1
OSV
added 2022/09/21 4:15 p.m. · 22 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3 CVSS · 4.3 AI score
Exploits 0 · References 1
Prion
added 2022/09/21 4:15 p.m. · 23 views

Design/Logic Flaw

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4 CVSS · 4.2 AI score · 0.00503 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/09/21 3:45 p.m. · 24 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

5 AI score · 0.00503 EPSS
Exploits 0 · References 1
AlpineLinux
added 2022/09/21 3:45 p.m. · 45 views

CVE-2022-41233

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled...

4.3 CVSS · 2 AI score · 0.00503 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/09/21 12:00 a.m. · 3 views

PT-2022-25749 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.11 and earlier Description: The issue allows attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled, due to a lac...

4.3 CVSS · 4.2 AI score · 0.00503 EPSS
Exploits 0 · References 7
CNNVD
added 2022/09/21 12:00 a.m. · 3 views

Jenkins Rundeck Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

4.3 CVSS · 5.2 AI score · 0.00503 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/09/13 6:50 p.m. · 9 views

CVE-2022-39207 Persistent XSS in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same...

5.4 CVSS · 5.9 AI score · 0.00722 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/09/13 12:00 a.m. · 4 views

PT-2022-24807 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. These artifact files are served by the...

5.4 CVSS · 5.7 AI score · 0.00722 EPSS
Exploits 1 · References 7
Kitploit
added 2022/08/09 12:30 p.m. · 33 views

MrKaplan - Tool Aimed To Help Red Teamers To Stay Hidden By Clearing Evidence Of Execution

MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution. It works by saving information such as the time it ran and a snapshot of files, and by associating each piece of evidence with the related user. This tool is inspired by MoonWalk, a similar tool for Unix machines. You can re...

7 AI score
Exploits 0 · References 6
NVD
added 2022/08/05 4:15 p.m. · 18 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

7.5 CVSS · 0.0082 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/08/05 4:15 p.m. · 3 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

7.5 CVSS · 7.1 AI score · 0.0082 EPSS
Exploits 0 · References 4 · Affected Software 1
UbuntuCve
added 2022/08/05 4:15 p.m. · 37 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

7.5 CVSS · 7.1 AI score · 0.0082 EPSS
Exploits 0 · References 1
Prion
added 2022/08/05 4:15 p.m. · 24 views

Improper access control

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

5 CVSS · 7.4 AI score · 0.0082 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/08/05 3:12 p.m. · 28 views

CVE-2022-2501

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

5.9 CVSS · 7.6 AI score · 0.0082 EPSS
Exploits 0 · References 3
The Hacker News
added 2022/08/05 10:06 a.m. · 35 views

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attack...

0.3 AI score
Exploits 0
OpenVAS
added 2022/08/05 12:00 a.m. · 9 views

Fedora: Security Advisory for osbuild-composer (FEDORA-2022-ca66b145a5)

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2
Fedora
added 2022/08/04 1:35 a.m. · 25 views

[SECURITY] Fedora 36 Update: osbuild-composer-58-1.fc36

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...

0.9 AI score
Exploits 0
Tenable Nessus
added 2022/08/04 12:00 a.m. · 42 views

GitLab 12.0 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2501)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and downloa...

7.5 CVSS · 7.4 AI score · 0.0082 EPSS
Exploits 0 · References 4
Fedora
added 2022/07/31 1:37 a.m. · 14 views

[SECURITY] Fedora 36 Update: osbuild-composer-57-2.fc36

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients...

0.9 AI score
Exploits 0