78 matches found
jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
WordPress plugin OAuth Client by DigitialPixies 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
[Citrix Gateway] Client plugin of Window upgrade fails due to upgrade package issue
The client plugin fails to upgrade to the new one after upgrade ADC, following logs sample could be found in client plugin logs 15:36:32.432 | DEBUG | nsStartSSL called 15:36:32.432 | DEBUG | mNotifier0 15:36:32.447 | EVENT | Version mismatch 15:36:32.447 | DEBUG | RedrawActiveXWnd: 6:0...
PT-2022-25766 · Jenkins · Jenkins Scm Httpclient Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials ID...
CVE-2022-36881
A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...
CVE-2022-36881
Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...
CVE-2022-36881
CVE-2022-36881 affects Jenkins Git client plugin and is disclosed across multiple sources (including GHSA and OSV). The issue: Git client plugin 3.11.0 and older does not perform SSH host key verification when connecting to Git repositories over SSH, enabling Man-in-the-Middle attacks. Impact des...
Jenkins Git client Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-5835 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 3.11.0 and earlier Description: The issue is related to the lack of SSH host key verification when connecting to Git repositories via SSH, which enables man-in-the-middle attacks. This is due to shortcomings...
CVE-2016-15004
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
Design/Logic Flaw
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004 InfiniteWP Client Plugin injection
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...
CVE-2016-15004
CVE-2016-15004 affects InfiniteWP Client Plugin for WordPress (versions around 1.5.1.3/1.6.0). The vulnerability type is an injection caused by an unknown faulty functionality, permitting a remote attack. Supported by connected documents, the issue is addressed by upgrading to version 1.6.1.1. Ex...
GHSA-HW6X-2QWV-RXR7 Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Insecure temporary file usage in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
GHSA-FCXW-HHXQ-48WX Insecure temporary file usage in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...
[SECURITY] Fedora 34 Update: vdr-scraper2vdr-1.0.11-14.20190128gitd9f6cb4.fc34.1
Scraper2vdr acts as client and provides scraped metadata for tvshows and movies from epgd to other plugins via its service interface. The plugin cares about caching the images locally and also cleans up the images if not longer needed. epgd itself uses the thetvdb.com API for collecting series...