PT-2022-15837 · Unknown · Openlibrary
Name of the Vulnerable Software and Affected Versions: openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 Description: The issue is related to Reflected XSS. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
Security feature bypass
Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...
MAL-2022-1200 Malicious code in aws-ms-deploy-assistant (npm)
Source: ghsa-malware fe7c48a4ab3024ab51cf5a3b5bccdd0daa9bd6b87983ef3dd8137c3f697a0993. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-31062 Unauthenticated Local File Inclusion
Impact A plugin public script can be used to read content of system files. Patches Upgrade to version 1.0.2. Workarounds b/deploy/index.php file can be deleted if deploy feature is not used...
CVE-2022-31062
GLPI Inventory Plugin for GLPI is affected by an unauthenticated Local File Inclusion vulnerability in versions before 1.0.2. A public script in the plugin can be used to read system files (root cause: public file/script exposed under b/deploy/index.php path). Impact is reading contents of system...
PT-2022-20499 · Plugin · Plugin
Name of the Vulnerable Software and Affected Versions: Plugin versions prior to 1.0.2 Description: A plugin public script can be used to read the content of system files. Recommendations: For versions prior to 1.0.2, upgrade to version 1.0.2. As a temporary workaround, consider deleting the...
CVE-2022-1936
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
Authorization
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP...
CVE-2022-1936
CVE-2022-1936 is a GitLab EE vulnerability citing incorrect authorization where an attacker with a valid Project Deploy Token could misuse it from any location despite IP allowlisting. Affected versions: GitLab 12.0–before 14.9.5; 14.10–before 14.10.4; 15.0–before 15.0.1. Root cause is improper a...
PT-2022-14201 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.0 through 14.9.5 GitLab EE versions 14.10.0 through 14.10.3 GitLab EE versions 15.0.0 Description: The issue is related to incorrect authorization in GitLab EE, allowing an attacker with a valid Project Deploy Token to...
GitLab authorization issue vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Community Edition and GitLab Enterprise Edition have an authorization issue...
GHSA-H246-G39X-7VMX Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture t...
GHSA-38PM-74XC-PHCW CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...