
79 matches found

EUVD (added 2025/10/03 8:07 p.m., 2 views)

EUVD-2023-0427

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9 | EPSS: 0.00395
Exploits: 0 | References: 3
EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2022-47994

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00083
Exploits: 0 | References: 1
Patchstack (added 2025/04/16 2:02 p.m., 3 views)

WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability

Settings Change Vulnerability discovered by chuck in WordPress Plugin WordPress REST API Authentication versions <= 3.6.3...

CVSS: 5.4 | AI score: 8.3 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1
OSV (added 2025/01/27 9:30 a.m., 9 views)

GHSA-4P5M-GVPF-F3X5 Apache Solr Relative Path Traversal vulnerability

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

CVSS: 8.7 | AI score: 6 | EPSS: 0.13709
Exploits: 0 | References: 6
Cvelist (added 2025/01/27 8:54 a.m., 16 views)

CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...

EPSS: 0.13709
Exploits: 0 | References: 1
Github Security Blog (added 2024/11/13 9:30 p.m., 17 views)

Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login. This allows attackers to use social engineering techniques to gain administrator access to Jenkins. OpenId Connect Authentication Plugin 4.421.v5422614ebe0a invalidates...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00374
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist (added 2024/11/13 8:53 p.m., 12 views)

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...

EPSS: 0.00374
Exploits: 0 | References: 1
AlpineLinux (added 2024/11/13 8:53 p.m., 1 view)

CVE-2024-52553

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b6d and earlier does not invalidate the previous session on login...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00374
Exploits: 0 | References: 1
NVD (added 2024/10/02 4:15 p.m., 12 views)

CVE-2024-47807

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the iss Issuer claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS: 8.1 | EPSS: 0.00319
Exploits: 0 | References: 1
NVD (added 2024/10/02 4:15 p.m., 12 views)

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud Audience claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

CVSS: 8.1 | EPSS: 0.00244
Exploits: 0 | References: 1
Cvelist (added 2024/10/02 3:35 p.m., 20 views)

CVE-2024-47806

Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud Audience claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...

EPSS: 0.00244
Exploits: 0 | References: 1
CVE (added 2024/10/02 3:35 p.m., 52 views)

CVE-2024-47807

CVE-2024-47807 affects Jenkins OpenId Connect Authentication Plugin up to version 4.354.v321ce67a_1de8. The root cause is that the plugin does not validate the Issuer (‘iss’) claim of the ID Token, which can allow an attacker to subvert the authentication flow and potentially gain administrator a...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00319
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC (added 2024/06/04 12:00 a.m., 2 views)

The vulnerability of the JSON Web Token authentication plugin in the Django framework’s “django-restframework-simplejwt” software platform allows a hacker to disclose sensitive information that should be protected.

The vulnerability of the JSON Web Token authentication plugin in the Django software framework relates to the lack of protection for sensitive data. Exploiting this vulnerability could allow an attacker to disclose protected information through the for_user method...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00235
Exploits: 3 | References: 4 | Affected Software: 3
OSV (added 2024/03/06 11:07 a.m., 14 views)

BIT-MOODLE-2021-40691

A session hijack risk was identified in the Shibboleth authentication plugin...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00379
Exploits: 0 | References: 2
OSV (added 2024/01/24 3:42 p.m., 2 views)

DRUPAL-CONTRIB-2024-003

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. In some cases, the module allows users to log in with an authentication plugin that an administrator has disabled. This vulnerability is mitigated by the fact that a...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00583
Exploits: 0 | References: 1
Drupal (added 2024/01/24 12:00 a.m., 22 views)

Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. In some cases, the module allows users to log in with an authentication plugin that an administrator has disabled. This vulnerability is mitigated by the fact that a...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00583
Exploits: 0 | References: 10
CVE (added 2023/12/13 5:30 p.m., 61 views)

CVE-2023-50771

The vulnerability CVE-2023-50771 affects Jenkins OpenId Connect Authentication Plugin versions 2.6 and earlier. Root cause: the plugin improperly validates the redirect URL after login, allowing an attacker to redirect users, through phishing, to a malicious site instead of Jenkins. Impact (per sources): poten...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.0008
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD (added 2023/10/17 12:00 a.m., 3 views)

Apache Traffic Server input validation error vulnerability

Apache Traffic Server (ATS) is the United States Apache Foundation's scalable HTTP proxy and caching server. Apache Traffic Server suffers from an input validation error vulnerability that stems from an HTTP/2 frame formatting error and is vulnerable to HTTP/2 and s3 authentication...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.07819
Exploits: 0 | References: 6
NVD (added 2023/08/16 3:15 p.m., 14 views)

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0015
Exploits: 0 | References: 2
CVE (added 2023/08/16 2:32 p.m., 2697 views)

CVE-2023-40343

CVE-2023-40343 affects Jenkins Tuleap Authentication Plugin (versions 1.1.20 and earlier). The root cause is a non-constant-time comparison function when validating authentication tokens, which could allow attackers to apply statistical methods to obtain a valid token. The issue is mitigated by u...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.0015
Exploits: 0 | References: 2 | Affected Software: 1