PT-2022-20399 · Jenkins · Jenkins Pipeline: Groovy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Groovy Plugin versions 2689.v434009a 31b f1 and earlier Description: The issue allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. This could potentially be used to...

GHSA-R5C7-QCC9-5V7M Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain

The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

PostgreSQL PL/Java Improper Privilege Management

PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath...

GHSA-VHRG-V3CV-P247 Deserialization of Untrusted Data in Spring Security

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

Remote code execution

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...

CVE-2022-24816 Improper Control of Generation of Code in jai-ext

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...

CVE-2022-24816 Improper Control of Generation of Code in jai-ext

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...

CVE-2022-24816

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager

Summary Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25173 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25173 Source advisory: OSV:GHSA-4M7P-55JM-3VW...

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

CVE-2021-39181

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

Design/Logic Flaw

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

CVE-2021-39181

OpenOlat (web-based LMS) is affected prior to versions 15.3.18, 15.5.3, and 16.0.0. The vulnerability lets an attacker with an authoring-role OpenOlat account instantiate any Java class on the classpath via a prepared import XML file (e.g., a course), enabling arbitrary code execution. The underl...

CVE-2021-39181 Unsafe Deserialization of User Data Using XStream

OpenOlat is a web-based learning management system LMS. Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file e.g. a course any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the...

CVE-2019-14540

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Mitigation This vulnerability relies on com.zaxxer.hikari.HikariConfig being present in the applications ClassPath. Hikari is not packaged as an RPM for Red Hat...

CVE-2019-12086

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...

CVE-2021-32647

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

Remote code execution

The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation...