
78 matches found

RedHat Linux
added 2022/11/23 5:59 p.m. · 5 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1 CVSS · 7.2 AI score · 0.00783 EPSS
Exploits 0 · References 6

RedHat Linux
added 2022/11/17 10:52 p.m. · 5 views

jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1 CVSS · 7.2 AI score · 0.00783 EPSS
Exploits 0 · References 6

CNNVD
added 2022/11/14 12:0 a.m. · 3 views

WordPress plugin OAuth Client by DigitialPixies cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5 CVSS · 6.3 AI score · 0.0034 EPSS
Exploits 2 · References 3

Citrix
added 2022/09/29 12:0 a.m. · 7 views

[Citrix Gateway] Client plugin of Window upgrade fails due to upgrade package issue

The client plugin fails to upgrade to the new version after the ADC is upgraded. The following log sample can be found in the client plugin logs:
15:36:32.432 | DEBUG | nsStartSSL called
15:36:32.432 | DEBUG | mNotifier0
15:36:32.447 | EVENT | Version mismatch
15:36:32.447 | DEBUG | RedrawActiveXWnd: 6:0...

7 AI score
Exploits 0

Positive Technologies
added 2022/09/21 12:0 a.m. · 3 views

PT-2022-25766 · Jenkins · Jenkins Scm Httpclient Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCM HttpClient Plugin versions 1.5 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials ID...

6.5 CVSS · 6.3 AI score · 0.00551 EPSS
Exploits 0 · References 6

RedhatCVE
added 2022/08/03 8:40 a.m. · 46 views

CVE-2022-36881

A flaw was found in the Git-Client Jenkins plugin. The affected versions of the Jenkins Git client Plugin do not perform SSH host key verification when connecting to Git repositories via SSH, enabling Man-in-the-middle attacks...

8.1 CVSS · 3.2 AI score · 0.00783 EPSS
Exploits 0 · References 5

OSV
added 2022/07/27 3:15 p.m. · 28 views

CVE-2022-36881

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks...

8.1 CVSS · 8 AI score
Exploits 0 · References 2

CVE
added 2022/07/27 2:20 p.m. · 143 views

CVE-2022-36881

CVE-2022-36881 affects Jenkins Git client plugin and is disclosed across multiple sources (including GHSA and OSV). The issue: Git client plugin 3.11.0 and older does not perform SSH host key verification when connecting to Git repositories over SSH, enabling Man-in-the-Middle attacks. Impact des...

8.1 CVSS · 7.8 AI score · 0.00783 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2022/07/27 12:0 a.m. · 15 views

Jenkins Git client Plugin security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

8.1 CVSS · 7.7 AI score · 0.00783 EPSS
Exploits 0 · References 9

Positive Technologies
added 2022/07/27 12:0 a.m. · 5 views

PT-2022-5835 · Jenkins · Jenkins Git Client Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git client Plugin versions 3.11.0 and earlier
Description: The issue is related to the lack of SSH host key verification when connecting to Git repositories via SSH, which enables man-in-the-middle attacks. This is due to shortcomings...

8.1 CVSS · 7.9 AI score · 0.00783 EPSS
Exploits 0 · References 10

OSV
added 2022/07/23 7:15 a.m. · 5 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8 CVSS · 5.5 AI score · 0.01346 EPSS
Exploits 1 · References 3

NVD
added 2022/07/23 7:15 a.m. · 13 views

CVE-2016-15004

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

9.8 CVSS · 0.01346 EPSS
Exploits 1 · References 3

Prion
added 2022/07/23 7:15 a.m. · 19 views

Design/Logic Flaw

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.5 CVSS · 7.7 AI score · 0.01346 EPSS
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2022/07/23 6:45 a.m. · 9 views

CVE-2016-15004 InfiniteWP Client Plugin injection

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. ...

7.3 CVSS · 7.3 AI score · 0.01346 EPSS
Exploits 1 · References 3

CVE
added 2022/07/23 6:45 a.m. · 53 views

CVE-2016-15004

CVE-2016-15004 affects InfiniteWP Client Plugin for WordPress (versions around 1.5.1.3/1.6.0). The vulnerability type is an injection caused by an unknown faulty functionality, permitting a remote attack. Supported by connected documents, the issue is addressed by upgrading to version 1.6.1.1. Ex...

9.8 CVSS · 8.8 AI score · 0.01346 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2022/05/24 4:55 p.m. · 32 views

GHSA-HW6X-2QWV-RXR7 Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8 CVSS · 8.8 AI score · 0.25779 EPSS
Exploits 1 · References 4

Github Security Blog
added 2022/05/24 4:55 p.m. · 31 views

Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

8.8 CVSS · 3.4 AI score · 0.25779 EPSS
Exploits 1 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/17 12:21 a.m. · 18 views

Insecure temporary file usage in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

3.3 CVSS · 1 AI score · 0.00379 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/05/17 12:21 a.m. · 21 views

GHSA-FCXW-HHXQ-48WX Insecure temporary file usage in Jenkins Git Client Plugin

Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure...

3.3 CVSS · 3.6 AI score · 0.00379 EPSS
Exploits 0 · References 5

Fedora
added 2021/12/05 1:39 a.m. · 20 views

[SECURITY] Fedora 34 Update: vdr-scraper2vdr-1.0.11-14.20190128gitd9f6cb4.fc34.1

Scraper2vdr acts as a client and provides scraped metadata for TV shows and movies from epgd to other plugins via its service interface. The plugin takes care of caching the images locally and also cleans up the images if no longer needed. epgd itself uses the thetvdb.com API for collecting series...

2.6 AI score · 0.0071 EPSS
Exploits 1