8005 matches found
PT-2025-10782 · Fortinet · FortiIsolator
Name of the Vulnerable Software and Affected Versions: Fortinet FortiIsolator versions 2.4.0 through 2.4.5 Description: The issue is related to multiple improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows an authenticated attacker...
Brute-force Attack
org.wildfly.core, wildfly-elytron-integration is vulnerable to Brute-force Attack. The vulnerability is due to the lack of rate limiting on failed authentication attempts via the CLI, which allows attackers to perform multiple failed authentication attempts within a short time frame due to the lack of rate...
BIT-JENKINS-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
BIT-JENKINS-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
microcode_ctl: Improper input validation in XmlCli feature for UEFI firmware
An improper input validation flaw was found in the XmlCli feature for UEFI firmware. Some Intel(R) processors may allow a privileged user to enable privilege escalation via local access...
Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI. This allows attackers with View/Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted values of...
Linux Distros Unpatched Vulnerability : CVE-2024-52308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh...
Linux Distros Unpatched Vulnerability : CVE-2024-8260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input...
Linux Distros Unpatched Vulnerability : CVE-2024-54132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in...
Linux Distros Unpatched Vulnerability : CVE-2024-53858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gh cli is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when...
Cleartext Storage of Sensitive Information
Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to improper redaction of encrypted values in config.xml when accessed via REST API or CLI. An attacker with View/Read...
CVE-2025-27623
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets...
CVE-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...
CVE-2025-27623
Jenkins security issue CVE-2025-27623 affects Jenkins versions 2.499 and earlier and LTS 2.492.1 and earlier. The root cause is an encryption handling flaw that fails to redact encrypted secret values in view configuration when accessed via REST/CLI through config.xml, enabling users with View/Re...
CVE-2025-27622
CVE-2025-27622 affects Jenkins 2.499 and earlier, and LTS 2.492.1 and earlier, where encrypted values of secrets stored in agent configuration (config.xml) are not redacted when accessed via REST API or CLI. An attacker with Agent/Extended Read permission can view these encrypted secret values. T...