2308 matches found
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
GHSA-6MPP-CM3V-23VV Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in...
GHSA-JM4G-8RVQ-V87J Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
RCE vulnerability in Jenkins AWS SAM Plugin
AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution (RCE) vulnerability exploitable by users able to configure a job or control the contents of a previously configured "AWS SAM deploy...
GHSA-GRPP-GX5H-PVH8 Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)
A missing permission check in a form validation method in Jenkins XebiaLabs XL Deploy Plugin allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST...
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)
A missing permission check in a form validation method in Jenkins XebiaLabs XL Deploy Plugin allows users with Overall/Read permission to initiate a connection test to an attacker-specified server with attacker-specified credentials. Additionally, the form validation method does not require POST...
GHSA-44W7-GH9C-4QVR Missing permission check in Jenkins XebiaLabs XL Deploy Plugin
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Acronis Snap Deploy Elevation of Privilege Vulnerability (CNVD-2022-64257)
Acronis Snap Deploy, an Acronis platform for bulk deployment of system images, is vulnerable to an elevation of privilege vulnerability that stems from assigning too many privileges to child processes, which could be exploited by an attacker to cause a local elevation of privilege...
ceph-deploy uses world-readable permissions on client.admin key
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
GHSA-79JF-CCM8-43W7 ceph-deploy uses world-readable permissions on client.admin key
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
com.amazonaws:codedeploy (=1.15), com.aspectsecurity.automationservices.plugins.jenkins:ibm-security-appscansource-scanner (>=1.0.3 <=1.0.5) +332 more potentially affected by CVE-2014-3667 via org.jenkins-ci.main:jenkins-core (>=1.566 <=1.582)
org.jenkins-ci.main:jenkins-core MAVEN version =1.566, =1.0.3, =1.0.0, =2.2.0, =2.0, =8.5.0, =1.2, =1.29, =1.0, =1.0, =1.00, =1.2 and more Source cves: CVE-2014-3667 Source advisory: OSV:GHSA-5XM3-48V5-6H7V...
ceph-deploy allows local users to obtain sensitive information by reading the file
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
GHSA-9W4F-3V37-6F75 ceph-deploy allows local users to obtain sensitive information by reading the file
ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...
CVE-2022-30696
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy Windows before build 3640...
CVE-2022-30697
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 3640...
CVE-2022-30695
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy Windows before build 3640...