146 matches found
BIT-JENKINS-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper redaction of encrypted values in config.xml when accessed via REST API or CLI. An attacker with View/Read...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2025-27623
Jenkins security issue CVE-2025-27623 affects Jenkins versions 2.499 and earlier and LTS 2.492.1 and earlier. The root cause is an encryption handling flaw that fails to redact encrypted secret values in view configuration when accessed via REST/CLI through config.xml, enabling users with View/Re...
CVE-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
CVE-2025-27622
CVE-2025-27622 affects Jenkins 2.499 and earlier, and LTS 2.492.1 and earlier, where encrypted values of secrets stored in agent configuration (config.xml) are not redacted when accessed via REST API or CLI. An attacker with Agent/Extended Read permission can view these encrypted secret values. T...
CVE-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
CVE-2024-20412
Cisco Firepower Threat Defense (FTD) Software on Firepower 1000, 2100, 3100, and 4200 Series contains static accounts with hard-coded passwords, enabling an unauthenticated, local attacker to access the CLI with those credentials. A successful exploit could allow data access, limited troubleshoot...
How to Reattach a Forgotten Integrated StorageLink (iSL) Storage Repository
This article describes how to reattach a forgotten Intergrated StorageLink iSL Storage Repository SR. Requirements CLI access to XenServer master host XenCenter Access...
CVE-2024-39511
The CVE-2024-39511 entry concerns Juniper Networks Junos OS: an improper input validation vulnerability in the 802.1X Authentication (dot1x) Daemon. When an operator runs a specific dot1x command, the dot1x daemon may crash, causing a Denial of Service that clears all 802.1x client authentication...
CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...
CVE-2024-39556 Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service DoS or privileged code executio...
CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...
CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...
CVE-2024-23111
CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...