199 matches found

Vulnrichment
added 2022/11/18 9:42 p.m. · 12 views

CVE-2022-45073 WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress...

CVSS 5.4 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 1
CVE
added 2022/11/18 9:42 p.m. · 66 views

CVE-2022-45073

CVE-2022-45073 describes a CSRF vulnerability in the WordPress REST API Authentication plugin (versions ≤ 2.4.0). The issue arises from the plugin not performing CSRF checks when updating settings, potentially allowing an authenticated attacker to trigger unintended settings changes through forge...

CVSS 8.8 · AI score 7.2 · EPSS 0.00264
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/11/18 12:00 a.m. · 4 views

PT-2022-27401 · Unknown · Rest Api Authentication Plugin

Name of the Vulnerable Software and Affected Versions: REST API Authentication plugin versions prior to 2.4.0. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

CVSS 8.8 · AI score 8.6 · EPSS 0.00264
Exploits 0 · References 3
Atlassian
added 2022/10/19 10:02 a.m. · 152 views

Vulnerable version of xmlsec used - CVE-2021-40690 in atlassian-authentication-plugin

Recently we have identified that, on top of the libraries mentioned in JRASERVER-73580, there was another library, atlassian-authentication-plugin, that has a transitive dependency on xmlsec that could be related to the vulnerability described in...

CVSS 7.5 · AI score 2.5 · EPSS 0.10448
Exploits 0
OSV
added 2022/09/29 3:15 a.m. · 14 views

CVE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

CVSS 4.3 · AI score 6.9
Exploits 0 · References 1
RedHat Linux
added 2022/09/20 1:42 p.m. · 9 views

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.9 · AI score 7.3 · EPSS 0.02023
Exploits 0 · References 4
BDU FSTEC
added 2022/07/20 12:00 a.m. · 6 views

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain access to modify, add, or delete data.

The vulnerability of the Server component: the PAM Auth Plugin of the MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to modify, add, or delete data...

CVSS 6.8 · AI score 6.4 · EPSS 0.00866
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2022/05/17 12:00 a.m. · 5 views

The vulnerability of the jwt-auth plugin for the Apache APISIX cloud API gateway allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the jwt-auth plugin for the Apache APISIX cloud API gateway is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.07688
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2022/05/05 12:00 a.m. · 6 views

Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the MySQL Server database management system's PAM Auth Plugin relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information using the FIDO network protocol...

CVSS 7.1 · AI score 6.7 · EPSS 0.02023
Exploits 0 · References 6 · Affected Software 1
OSV
added 2022/04/19 9:15 p.m. · 8 views

UBUNTU-CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.9 · AI score 6.7 · EPSS 0.02023
Exploits 0 · References 4
Vulnrichment
added 2022/04/11 8:20 p.m. · 6 views

CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...

CVSS 8.2 · AI score 8.3 · EPSS 0.01629
Exploits 0 · References 8
Cvelist
added 2022/04/11 8:20 p.m. · 44 views

CVE-2022-24832 Bundled ldap-authentication-plugin fails to neutralise LDAP special elements in usernames

GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it ca...

CVSS 8.2 · AI score 8.5 · EPSS 0.01629
Exploits 0 · References 8
CNNVD
added 2022/04/11 12:00 a.m. · 3 views

GoCD injection vulnerability

GoCD is a continuous delivery server. GoCD suffers from an injection vulnerability that stems from the fact that the gocd-ldap-authentication-plugin included in GoCD Server fails to properly escape special characters when constructing an LDAP query using a username. An attacker could use this...

CVSS 8.2 · AI score 6.8 · EPSS 0.01629
Exploits 0 · References 8
NVD
added 2022/03/15 5:15 p.m. · 30 views

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVSS 6.5 · EPSS 0.00979
Exploits 0 · References 2
ATTACKERKB
added 2022/02/15 5:15 p.m. · 7 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVSS 5.4 · AI score 6.1 · EPSS 0.00712
Exploits 0 · References 3
NVD
added 2022/02/15 5:15 p.m. · 43 views

CVE-2022-25196

Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in...

CVSS 5.4 · EPSS 0.00712
Exploits 0 · References 2
CVE
added 2022/02/15 4:11 p.m. · 154 views

CVE-2022-25196

CVE-2022-25196 affects the Jenkins GitLab Authentication Plugin (1.13 and earlier). The vulnerability arises because the plugin records the HTTP Referer header as part of the URL query parameters at the start of authentication, enabling an attacker with Jenkins access to craft a login URL that re...

CVSS 5.4 · AI score 5.6 · EPSS 0.00712
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/02/15 12:00 a.m. · 6 views

Jenkins plugin input validation error vulnerability

Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. A user redirection vulnerability exists in Jenkins GitLab Authentication Plugin 1.13 and earlier versions, which stems fr...

CVSS 5.4 · AI score 5.7 · EPSS 0.00712
Exploits 0 · References 5
Positive Technologies
added 2022/02/15 12:00 a.m. · 5 views

PT-2022-17136 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.13 and earlier. Description: The issue allows attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. This is caused by the plugin...

CVSS 5.4 · AI score 5.2 · EPSS 0.00712
Exploits 0 · References 8
Cvelist
added 2022/02/02 11:48 a.m. · 28 views

CVE-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database during security research. A system using the PostgreSQL library can be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based o...

CVSS 7 · AI score 9.7 · EPSS 0.0301
Exploits 1 · References 6