Lucene search
K

146 matches found

OSV
OSV
added 2025/03/07 8:55 p.m.8 views

BIT-JENKINS-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS6.5AI score0.00298EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/06 12:31 a.m.14 views

Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...

4.3CVSS6.7AI score0.00298EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/03/05 11:41 p.m.4 views

Cleartext Storage of Sensitive Information

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper redaction of encrypted values in config.xml when accessed via REST API or CLI. An attacker with View/Read...

7.1CVSS6.8AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2025/03/05 11:15 p.m.4 views

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

4.3CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2025/03/05 11:15 p.m.4 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

4.3CVSS6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/05 10:33 p.m.8 views

CVE-2025-27623

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...

7AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2025/03/05 10:33 p.m.136 views

CVE-2025-27623

Jenkins security issue CVE-2025-27623 affects Jenkins versions 2.499 and earlier and LTS 2.492.1 and earlier. The root cause is an encryption handling flaw that fails to redact encrypted secret values in view configuration when accessed via REST/CLI through config.xml, enabling users with View/Re...

4.3CVSS7AI score0.00298EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/05 10:33 p.m.7 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

7AI score0.00684EPSS
Exploits0References1
CVE
CVE
added 2025/03/05 10:33 p.m.192 views

CVE-2025-27622

CVE-2025-27622 affects Jenkins 2.499 and earlier, and LTS 2.492.1 and earlier, where encrypted values of secrets stored in agent configuration (config.xml) are not redacted when accessed via REST API or CLI. An attacker with Agent/Extended Read permission can view these encrypted secret values. T...

4.3CVSS7AI score0.00684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/05 10:33 p.m.16 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

0.00684EPSS
Exploits0References1
CVE
CVE
added 2024/10/23 5:39 p.m.93 views

CVE-2024-20412

Cisco Firepower Threat Defense (FTD) Software on Firepower 1000, 2100, 3100, and 4200 Series contains static accounts with hard-coded passwords, enabling an unauthenticated, local attacker to access the CLI with those credentials. A successful exploit could allow data access, limited troubleshoot...

9.3CVSS9AI score0.00206EPSS
Exploits0References1Affected Software1
Citrix
Citrix
added 2024/07/13 12:0 a.m.8 views

How to Reattach a Forgotten Integrated StorageLink (iSL) Storage Repository

This article describes how to reattach a forgotten Intergrated StorageLink iSL Storage Repository SR. Requirements CLI access to XenServer master host XenCenter Access...

7AI score
Exploits0
CVE
CVE
added 2024/07/10 10:58 p.m.68 views

CVE-2024-39511

The CVE-2024-39511 entry concerns Juniper Networks Junos OS: an improper input validation vulnerability in the 802.1X Authentication (dot1x) Daemon. When an operator runs a specific dot1x command, the dot1x daemon may crash, causing a Denial of Service that clears all 802.1x client authentication...

6.8CVSS5.9AI score0.00148EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/10 10:38 p.m.30 views

CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...

7.1CVSS0.00094EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/10 10:38 p.m.28 views

CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...

7.1CVSS7.2AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 3:16 p.m.47 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

4.4CVSS0.03469EPSS
Exploits1References1
NVD
NVD
added 2024/06/11 3:16 p.m.34 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

6.8CVSS0.01042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/11 2:32 p.m.24 views

CVE-2024-21754

A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...

1.8CVSS7.2AI score0.03469EPSS
Exploits1References1
CVE
CVE
added 2024/06/11 2:32 p.m.86 views

CVE-2024-23111

CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...

6.8CVSS6.9AI score0.01042EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2024/06/11 2:32 p.m.55 views

CVE-2024-23111

An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...

6.8CVSS0.01042EPSS
Exploits0References1
Rows per page
Query Builder