14 matches found
EUVD-2020-20234
Malware in sbrugna...
EUVD-2020-27021
Malware in sbrugna...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
GHSA-XWGJ-VPM9-Q2RQ Vulnerable juju introspection abstract UNIX domain socket
Impact: An abstract UNIX domain socket responsible for introspection is available without authentication locally to any user with access to the network namespace where the local juju agent is running. On a juju controller agent, denial of service can be performed by using the /leases/revoke...
K43530108: NGINX Controller Agent vulnerability CVE-2020-27730
Security Advisory Description: The NGINX Controller Agent does not use absolute paths when calling system utilities (CVE-2020-27730). Impact: This vulnerability allows a local attacker to escalate privileges and run arbitrary code as the agent root process. Security Advisory Status: F5 Product...
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller...
Server-side request forgery (SSRF)
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...
Code injection
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
CVE-2020-27730
CVE-2020-27730 affects the NGINX Controller Agent: versions 1.0.1, 2.0.0–2.9.0, and 3.0.0–3.9.0 do not use absolute paths when invoking system utilities, enabling a local attacker to escalate privileges to root and execute arbitrary code. Public disclosures from Red Hat and F5 corroborate the vu...
PT-2020-5282 · Nginx · Nginx Controller Agent
Name of the Vulnerable Software and Affected Versions: NGINX Controller Agent versions 1.0.1, 2.0.0 through 2.9.0, 3.0.0 through 3.9.0. Description: The issue is related to the NGINX Controller Agent's failure to use absolute paths when calling system utilities, which can be exploited by a remote...
Design/Logic Flaw
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...