Lucene search
+L

5 matches found

osv
osv
added 2026/04/14 1:48 a.m.3 views

CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References5
github
github
added 2022/10/19 7:0 p.m.33 views

Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. These...

5.3CVSS6AI score0.00647EPSS
Exploits0References5Affected Software1
osv
osv
added 2022/10/19 7:0 p.m.15 views

GHSA-2X49-WJ38-78Q9 Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin

Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. This vulnerability is onl...

4.3CVSS5.6AI score0.00666EPSS
Exploits0References5
attackerkb
attackerkb
added 2022/10/19 4:15 p.m.5 views

CVE-2022-43402

A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea628154bc2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection...

9.9CVSS6.1AI score0.0116EPSS
Exploits0References4
cnnvd
cnnvd
added 2021/04/21 12:0 a.m.7 views

Jenkins Templating Engine Plugin 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Templating Engine Plugin in version 2.1 and earlier versions of a security vulnerability , the vulnerability...

8.8CVSS6AI score0.01749EPSS
Exploits0References6
Rows per page
Query Builder