664 matches found
CVE-2022-43424
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...
CVE-2022-43424
CVE-2022-43424 affects the Jenkins Compuware Xpediter Code Coverage Plugin (versions 1.0.7 and earlier). The vulnerability arises from an agent/controller message that is not restricted where it can be executed, enabling an attacker who can control agent processes to read Java system properties f...
What’s New in InsightVM and Nexpose: Q3 2022 in Review
Another quarter comes to a close! While we definitely had our share of summer fun, our team continued to invest in the product, releasing features and updates like recurring coverage for enterprise technologies, performance enhancements, and more. Let’s take a look at some of the key releases in...
Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity
As we get closer to closing out 2022, the talk in the market continues to swirl around extended detection and response (XDR) solutions. What are they? What are the benefits? Should my team adopt XDR, and if yes, how do we evaluate vendors to determine the best approach? While there continue to be...
Malicious Package
Overview ganache-cli-coverage is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in ganache-cli-coverage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3cf5b4f2dfa6a2a564792989664d9c282942969da8def4b2021ecb8ccdca022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3269 Malicious code in ganache-cli-coverage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3cf5b4f2dfa6a2a564792989664d9c282942969da8def4b2021ecb8ccdca022 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
be.cylab.mark:client (>=0.0.20 <=2.6.0), be.cylab.mark:core (>=0.0.20 <=2.6.0) +3 more potentially affected by CVE-2022-38749 via be.cylab:snakeyaml (=1.25.1)
be.cylab:snakeyaml MAVEN version =1.25.1 is affected by a known vulnerability. The following packages have a transitive dependency on be.cylab:snakeyaml and may be impacted: - be.cylab.mark:client =0.0.20, =0.0.20, =1.3.1, =0.0.22, =0.0.20, =2.3.0 Source cves: CVE-2022-38749 Source advisory:...
SUSE: Security Advisory (SUSE-SU-2022:2831-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-x-tools-0.1.10-3.fc36
This package holds the source for various tools that support the Go programming language. Some of the tools, godoc and vet for example, are included in binary Go distributions. Others, including the Go guru and the test coverage tool, can be fetched with go get. Packages include a type-checker f...
GHSA-HXF7-9RV9-88V6 Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those...
Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those...
CVE-2022-36897
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36897
Summary: Jenkins Compuware Xpediter Code Coverage Plugin
Jenkins Compuware Xpediter Code Coverage Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-4033 · Jenkins · Jenkins Compuware Xpediter Code Coverage Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Xpediter Code Coverage Plugin versions 1.0.7 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to enumerate hosts and...