2307 matches found

IBM Security Bulletins
added 2022/04/26 7:26 p.m. | 33 views

Security Bulletin: UrbanCode Deploy users with create-resource permission for the standard resource type may create child resources inheriting custom types (CVE-2022-22315).

Summary Users in UrbanCode Deploy with create-resource permission for the standard resource type but not for a custom resource type, may create child resources inheriting that custom type. Vulnerability Details CVEID: CVE-2022-22315 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticat...

CVSS 8.8 | AI score 0.7 | EPSS 0.00697
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2022/04/26 12:00 a.m. | 4 views

CVE-2022-22315

IBM UrbanCode Deploy UCD 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955...

CVSS 8.8 | AI score 6.3 | EPSS 0.00697
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2022/04/06 12:00 a.m. | 108 views

IBM UrbanCode Deploy Encryption Issue Vulnerability

IBM UrbanCode Deploy (UCD) is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and uses remote agent technology to automate the deployment of complex applications in different environments, etc. I...

CVSS 7.5 | AI score 2.2 | EPSS 0.00692
Exploits: 0 | References: 1

Kitploit
added 2022/04/02 8:30 p.m. | 113 views

Odin - Central IoC Scanner Based On Loki

Odin is a central IoC scanner based on Loki General Info This application Loki latest version and download it on all machines using a PowerShell script and run it then this app receives the response from all machines and parse the feed in CSV form. Requirements 1. Python +3.5 2. PyQT5 3. psutil 4...

AI score 7.2
Exploits: 0 | References: 6

OSV
added 2022/04/01 5:15 p.m. | 1 views

CVE-2022-22327

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5 | AI score 6.5 | EPSS 0.00692
Exploits: 0 | References: 2

NVD
added 2022/04/01 5:15 p.m. | 14 views

CVE-2022-22327

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5 | EPSS 0.00692
Exploits: 0 | References: 2

Prion
added 2022/04/01 5:15 p.m. | 18 views

Code injection

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 5 | AI score 7.2 | EPSS 0.00692
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/04/01 4:45 p.m. | 12 views

CVE-2022-22327

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 5.9 | AI score 7.3 | EPSS 0.00692
Exploits: 0 | References: 2

CVE
added 2022/04/01 4:45 p.m. | 85 views

CVE-2022-22327

IBM UrbanCode Deploy (UCD) is affected by CVE-2022-22327 due to weaker-than-expected cryptographic algorithms that could allow decryption of highly sensitive information. Affected products and versions include UCD 7.0.5.3–7.0.5.7 and 7.1.0.0–7.1.2.4 (inclusive). Remediation: upgrade to 7.0.5.9, 7...

CVSS 7.5 | AI score 7.2 | EPSS 0.00692
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2022/04/01 12:00 a.m. | 3 views

IBM UrbanCode Deploy Encryption Issue Vulnerability

IBM UrbanCode Deploy (UCD) is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and uses remote agent technology to automate the deployment of complex applications in different environments, etc. I...

CVSS 7.5 | AI score 5.6 | EPSS 0.00692
Exploits: 0 | References: 3

IBM Security Bulletins
added 2022/03/31 10:44 p.m. | 29 views

Security Bulletin: CVE-2022-22327 Urbancode Deploy Web-Agent communication uses system default TLS protocol instead of application configured value.

Summary Urbancode Deploy may use the system default TLS protocol instead of the application value when install.server.ssl.enabledProtocols is set to a non-default value. Vulnerability Details CVEID: CVE-2022-22327 DESCRIPTION: IBM UrbanCode Deploy UCD uses weaker than expected cryptographic...

CVSS 7.5 | AI score 7 | EPSS 0.00692
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/03/31 10:43 p.m. | 53 views

Security Bulletin: IBM Urbancode Deploy impacted by Apache Log4j SQL Injection vulnerability. (CVE-2022-23305)

Summary When added to the logging configuration, the Log4j JDBCAppender may not be properly encoding content sent to an external SQL database. This is a non-default configuration. The fix removes this component. Vulnerability Details CVEID: CVE-2022-23305 DESCRIPTION: Apache Log4j is vulnerable t...

CVSS 9.8 | AI score 9.4 | EPSS 0.67466
Exploits: 1 | Affected Software: 1

ATTACKERKB
added 2022/03/31 12:00 a.m. | 4 views

CVE-2022-22327

IBM UrbanCode Deploy UCD 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859...

CVSS 7.5 | AI score 6.6 | EPSS 0.00692
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/03/30 9:50 p.m. | 25 views

CVE-2022-24790 HTTP Request Smuggling in puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...

CVSS 9.1 | AI score 6.2 | EPSS 0.0214
Exploits: 0 | References: 10

Cvelist
added 2022/03/25 9:15 p.m. | 31 views

CVE-2022-24783 Sandbox bypass leading to arbitrary code execution in Deno

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 inclusive are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This...

CVSS 10 | AI score 9.8 | EPSS 0.01103
Exploits: 0 | References: 1

CNVD
added 2022/03/17 12:00 a.m. | 13 views

Jenkins Kubernetes Continuous Deploy Plugin Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins Kubernetes Continuous Deploy...

CVSS 6.5 | AI score 2.8 | EPSS 0.01764
Exploits: 0 | References: 1

CNVD
added 2022/03/17 12:00 a.m. | 32 views

Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins Kubernetes Continuous Deploy...

CVSS 6.5 | AI score 1.3 | EPSS 0.00887
Exploits: 0 | References: 1

OSV
added 2022/03/15 5:15 p.m. | 22 views

CVE-2022-27210

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5 | AI score 6.5
Exploits: 0 | References: 2

OSV
added 2022/03/15 5:15 p.m. | 21 views

CVE-2022-27208

Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...

CVSS 6.5 | AI score 6.3
Exploits: 0 | References: 2

NVD
added 2022/03/15 5:15 p.m. | 17 views

CVE-2022-27209

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVSS 6.5 | EPSS 0.00887
Exploits: 0 | References: 2