8014 matches found
Jenkins LTS < 2.426.3 / Jenkins weekly < 2.442 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.426.3 or Jenkins weekly prior to 2.442. It is, therefore, affected by multiple vulnerabilities: - Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disabl...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.10 packages and security update
Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
GHSA-FRXM-V7Q3-V2WV Insertion of Sensitive Information into Log File in OWASP DependencyCheck
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
CVE-2024-23686
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
Design/Logic Flaw
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
CVE-2024-23686
CVE-2024-23686 affects DependencyCheck components: Maven (9.0.0–9.0.6), CLI (9.0.0–9.0.5), and Ant (9.0.0–9.0.5). The root cause is that in debug mode, logging sensitive data exposes the NVD API Key via log files, enabling an attacker with log access to recover the key. Several connected sources ...
CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...
CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2
CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2. A patched version of the package is available...
[SECURITY] Fedora 38 Update: podman-4.8.3-1.fc38
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
DependencyCheck Log Information Disclosure Vulnerability
DependencyCheck is a software portfolio analysis SCA tool that attempts to detect publicly disclosed vulnerabilities contained in project dependencies. A security vulnerability exists in DependencyCheck. An attacker exploited the vulnerability to recover NVD API keys from log files. The following...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.9 packages and security update
Red Hat OpenShift Container Platform release 4.14.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Design/Logic Flaw
A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An...
Siemens SCALANCE LPE9403 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-41092)
A vulnerability was found in the Docker CLI where running 'docker login my-private-registry.example.com' with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...
CVE-2023-2253 affecting package moby-cli for versions less than 20.10.27-1
CVE-2023-2253 affecting package moby-cli for versions less than 20.10.27-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-49568
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
Design/Logic Flaw
A denial of service DoS vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...