184 matches found
CVE-2024-52551
Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...
CVE-2024-52551
CVE-2024-52551 affects Jenkins Pipeline Declarative Plugin version 2.2214.vb_b_34b_2ea_9b_83 and earlier, allowing restart of a build from a specific stage using an unapproved Jenkinsfile. The underlying issue is an unchecked approval state for the main Jenkinsfile when restarting a prior b...
PT-2024-35373 · Jenkins · Jenkins Pipeline: Declarative Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Declarative Plugin versions 2.2214.vb_b_34b_2ea_9b_83 and earlier. Description: The issue allows attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer approved, as the plugin...
Jenkins plugin Pipeline:Declarative security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins plugin is an application software plugin. A security...
Important: qt5-qtdeclarative
Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...
CVE-2020-26309
CVE-2020-26309 concerns the Nope-validator (Validate.js) library. Versions 0.11.3 and earlier contain one or more regular expressions vulnerable to Regular Expression Denial of Service (ReDoS). Documented sources indicate this is a high-severity issue (CVSS-like: HIGH) with potential network expo...
NuGet Package 'Microsoft.Bot.Builder.Dialogs.Declarative' Detection
The remote host has a 'Microsoft.Bot.Builder.Dialogs.Declarative' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
The vulnerability of the module of the declarative delivery tool for GitOps in Kubernetes Argo CD allows a perpetrator to increase their privileges or gain unauthorized access to protected information.
The vulnerability of the module of the declarative delivery tool for GitOps in Kubernetes Argo CD is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to enhance their privileges or gain unauthorized access to...
Malicious code in glovo-data-platform-declarative-airflow (PyPI)
MAL-2024-5182 Malicious code in glovo-data-platform-declarative-airflow (PyPI)
nmstate bug fix update
An update is available for nmstate. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Nmstate is a library with an accompanying command line tool that manages host...
BIT-ARGO-CD-2024-29893 Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, it's possible to crash the repo server component through an out o...
The vulnerability of the `loadRepoIndex()` function in the declarative tool for continuous delivery of GitOps for Kubernetes Argo CD allows a malicious actor to trigger a service failure.
The vulnerability of the loadRepoIndex function in the declarative tool for continuous delivery of GitOps for Kubernetes Argo CD is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the caching mechanism of the declarative delivery tool for GitOps in Kubernetes Argo CD allows attackers to circumvent security restrictions and execute a brute-force attack.
The vulnerability of the caching mechanism for the declarative delivery tool in GitOps for Kubernetes Argo CD lies in the absence of restrictions on authentication attempts when processing the defaultMaxCacheSize parameter. Exploiting this vulnerability allows a malicious actor to bypass security...
BIT-ARGO-CD-2024-28175 Cross-site scripting on application summary component in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
Cross site scripting
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
CVE-2024-28175 Cross-site scripting on application summary component in argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the link.argocd.argoproj.io annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All...
[SECURITY] Fedora 40 Update: jakarta-annotations-1.3.5-22.fc40
Jakarta Annotations defines a collection of annotations representing common semantic concepts that enable a declarative style of programming that applies across a variety of Java technologies...
[SECURITY] Fedora 40 Update: hamcrest-2.2-16.fc40
Provides a library of matcher objects also known as constraints or predicates allowing 'match' rules to be defined declaratively, to be used in other frameworks. Typical scenarios include testing frameworks, mocking libraries and UI validation rules...