
78 matches found

AlpineLinux
added 2025/09/03 3:15 p.m., 6 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

4.3 CVSS, 6.5 AI score, 0.00288 EPSS
Exploits: 0, References: 2

NVD
added 2025/09/03 3:15 p.m., 7 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

4.3 CVSS, 0.00288 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2025/09/03 3:2 p.m., 5 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

6.2 AI score, 0.00288 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/03 3:2 p.m., 24 views

CVE-2025-58458

The CVE-2025-58458 entry concerns the Jenkins Git client Plugin (versions 6.3.2 and earlier, excluding 6.1.4 and 6.2.1). The root cause is inconsistent validation of the Git URL field when using the amazon-s3 protocol with JGit, where the response depends on whether the specified file path exists...

4.3 CVSS, 6.2 AI score, 0.00288 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/03 3:2 p.m., 9 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

0.00288 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/09/03 12:0 a.m., 8 views

PT-2025-35780

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 6.3.2 and earlier
Description: The Git URL field form validation responses differ based on whether the specified file path exists on the Jenkins controller when using the amazon-s3 protocol with JGit. This...

4.3 CVSS, 6.3 AI score, 0.00288 EPSS
Exploits: 0, References: 9

OSV
added 2025/08/11 5:24 p.m., 3 views

GO-2025-3835 Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik...

9.8 CVSS, 7.9 AI score, 0.0108 EPSS
Exploits: 0, References: 7

OSV
added 2025/08/01 6:8 p.m., 4 views

GHSA-Q6GG-9F92-R9WG Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary: A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

7.3 CVSS, 7.8 AI score, 0.0108 EPSS
Exploits: 0, References: 8

Github Security Blog
added 2025/08/01 6:8 p.m., 9 views

Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution

Summary: A path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This ca...

9.8 CVSS, 7.9 AI score, 0.0108 EPSS
Exploits: 0, References: 8, Affected Software: 2

RedhatCVE
added 2025/05/23 6:58 a.m., 19 views

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3 CVSS, 5.1 AI score, 0.00628 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:7 a.m., 17 views

CVE-2023-6565

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET...

5.9 CVSS, 7.2 AI score, 0.00642 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:51 a.m., 11 views

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

7.5 CVSS, 6.6 AI score, 0.20888 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 4:52 p.m., 5 views

CVE-2020-8772

The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...

9.8 CVSS, 6.9 AI score, 0.8787 EPSS
Exploits: 2, References: 1

NVD
added 2025/02/28 9:15 a.m., 7 views

CVE-2024-9195

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8 CVSS, 0.00378 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/02/06 3:10 a.m., 12 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8 CVSS, 7.3 AI score, 0.01346 EPSS
Exploits: 1, References: 1

NVD
added 2025/01/08 6:15 a.m., 39 views

CVE-2024-10585

The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the /debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory...

5.3 CVSS, 0.00628 EPSS
Exploits: 0, References: 3

OSV
added 2024/12/09 2:50 a.m., 3 views

MAL-2024-11391 Malicious code in mona-client-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2024/12/09 2:50 a.m., 2 views

Malicious code in mona-client-plugin (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0

Patchstack
added 2024/07/10 11:53 a.m., 4 views

WordPress FULL – Cliente plugin <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via License Plan Parameter vulnerability discovered by stealthcopter in WordPress Plugin FULL Customer versions <= 3.1.12...

7.2 CVSS, 5.8 AI score, 0.00509 EPSS
Exploits: 0, References: 1, Affected Software: 1

RedHat Linux
added 2023/01/12 4:49 p.m., 4 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1 CVSS, 7.2 AI score, 0.00783 EPSS
Exploits: 0, References: 6