664 matches found
CloudBees Jenkins Code Coverage API Plugin XXE Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. CloudBees Jenkins Code Covera...
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2172
Vulnerability summary: Jenkins Code Coverage API Plugin (versions 1.1.4 and earlier) is affected by an XXE flaw caused by an unconfigured XML parser. This could allow a user who supplies input files for the “Publish Coverage Report” step to trigger external entities, potentially exposing secrets ...
PT-2020-15382 · Jenkins · Jenkins Code Coverage API Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Code Coverage API Plugin versions 1.1.4 and earlier. Description: The issue allows a user who can control the input files for the "Publish Coverage Report" post-build step to have Jenkins parse a crafted file that uses external entitie...
Announcing the Release of Malware Prevention for Linux
The VMware Carbon Black team has a mission to keep your entire organization safe from cyber attacks. To deliver on this for today’s landscape, the Carbon Black Cloud platform has added malware prevention for Linux to bring the entire protection lifecycle to Windows, macOS, and Linux. With Linux n...
CVE-2020-2139
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system...
Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks
Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus...
Microsoft Patch Tuesday — March 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw and Vitor Ventura. Update March 12, 2020: Microsoft released an out-of-band patch for CVE-2020-0796, a code execution vulnerability in the SMB client and server for Windows. An unauthenticated attacker could exploit this vulnerability to execute remote code. Snort rules 53425 - 53428...
PT-2020-15350 · Jenkins · Jenkins Cobertura Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cobertura Plugin versions 1.15 and earlier. Description: The issue allows attackers who can control the coverage report file contents to overwrite any file on the Jenkins master file system. This is due to an arbitrary file write...
CloudBees Jenkins Code Coverage API Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. A cross-site scripting...
Exploit for Use After Free in Google Android
CVE-2019-2215 Pr...
Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
Manul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS (beta), written in pure Python. Quick Start:
    pip3 install psutil
    git clone https://github.com/mxmssh/manul
    cd manul
    mkdir in
    mkdir out
    echo "AAAAAA" > in/test
    python3 manul.py -i in -o out -n 4...
Microsoft Patch Tuesday — Feb. 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw. Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 98 vulnerabilities, 12 of which are considered critical and 84 that are considered important. There a...
CVE-2020-2106
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations...