Bottle Security Feature Issue Vulnerability
Bottle is a simple and lightweight Python-based WSGI micro web framework from the Bottle community. Bottle suffers from a security feature issue vulnerability that stems from a processing error during early request binding. A remote attacker could exploit this vulnerability to compromise the...
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding, exposing a vulnerability that can disclose sensitive information. Public advisories confirm affected software: python-bottle up to 0.12.19/0.12.20. Debian security notes (DSA and DLA) describe the issue and recommend upgrading ...
CVE-2022-31799
Bottle before 0.12.20 mishandles errors during early request binding...
PT-2022-7348 · Bottle +6
Name of the Vulnerable Software and Affected Versions: Bottle versions prior to 0.12.20 Description: The issue is related to uncontrolled resource consumption and mishandling of errors during early request binding. This can allow a remote attacker to cause a denial of service. Recommendations: Fo...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2182 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2182 Source advisory: OSV:GHSA-7FF8-QFWX-8GX5...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2181 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2181 Source advisory: OSV:GHSA-43J2-R4V3-M8JP...
GHSA-7FF8-QFWX-8GX5 Improper masking of some secrets in Jenkins Credentials Binding Plugin
Credentials Binding Plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. As a side effect of the fix for SECURITY-698, $ characters in secrets are escaped to $$. This will then be expanded to $ again once the secret is...
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps...
GHSA-43J2-R4V3-M8JP Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. Jenkins Credentials Binding Plugin 1.23 now masks secrets when the build contains no build steps...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...
Storing Passwords in a Recoverable Format
Overview org.jenkins-ci.plugins:credentials-binding is a plugin that allows credentials to be bound to environment variables for use from miscellaneous build steps. Affected versions of this package are vulnerable to Storing Passwords in a Recoverable Format via the config-variables.jelly file,...
Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
GHSA-J7GW-MWFG-VQF4 Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CISA Adds 20 Known Exploited Vulnerabilities to Catalog
CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
Spring for GraphQL 1.0 Release
On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. It's been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...
Zoom Client Information Disclosure Vulnerability
Zoom Client is a video conferencing client application from Zoom, Inc. that supports multiple platforms. An information disclosure vulnerability exists in Zoom Client for Meetings prior to version 5.10.0, which stems from an inability to properly bind a client session cookie to a Zoom domain...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +34 more potentially affected by CVE-2018-1000057 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.13)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =0.1.0, =0.1.1, =0.3.0, =0.4.1 and more Source cves: CVE-2018-1000057 Source advisory: OSV:GHSA-38XM-XHVJ-Q2QF...
Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials
Jenkins Credentials Binding plugin allows specifying passwords and other secrets as environment variables, and will hide them from console output in builds. However, since Jenkins will try to resolve references to other environment variables in environment variables passed to a build, this can...