Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)

Summary Connect2id Nimbus-JOSE-JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the openid authentication options. Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. ...

CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...

CVE-2024-23583

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...

CVE-2024-23583

CVE-2024-23583 affects HCL BigFix Platform, specifically the Windows Client Deploy Tool, with root cause described as insufficiently protected credentials. The vulnerability could allow an attacker to intercept credentials via Task Manager and gain unauthorized access to the Client Deploy Tool on...

CVE-2024-23583 HCL BigFix Platform is susceptible to insufficiently protected credentials

An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems...

PT-2024-19948

Name of the Vulnerable Software and Affected Versions Client Deploy Tool affected versions not specified Description An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. Recommendations At the moment...

GitLab 12.9 < 12.10.13 / 13.0 < 13.0.8 / 13.1 < 13.1.2 (CVE-2020-13322)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. CVE-2020-13322 Note that Nessus has...

CVE-2024-28781

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVE-2024-28781

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

IBM UrbanCode Deploy 跨站脚本漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVE-2024-28781

The CVE-2024-28781 entry covers Cross‑Site Scripting in IBM UrbanCode Deploy (UCD). Affected versions are 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4, and 8.0–8.0.0.1, where arbitrary JavaScript can be embedded in the Web UI, potentially altering functionality and exposing credentials wi...

CVE-2024-28781 IBM UrbanCode Deploy cross-site scripting

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

PT-2024-22571 · Ibm · Ibm Urbancode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20 IBM UrbanCode Deploy versions 7.1 through 7.1.2.16 IBM UrbanCode Deploy versions 7.2 through 7.2.3.9 IBM UrbanCode Deploy versions 7.3 through 7.3.2.4 IBM UrbanCode Deploy versions 8.0 throug...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

Privilege Escalation

github.com/glpi-project/glpi-agent is vulnerable to Privilege Escalation. The vulnerability is due to improper security controls in the MSI package installer that allow a local user to manipulate the GLPI server URL or disable the agent service, and in some cases, configure a malicious server to...

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

CVE-2024-3470

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

CVE-2024-3470

GitHub Enterprise Server suffers an Improper Privilege Management flaw that lets a repository deploy key bypass an organization’s ruleset when an attacker has a valid deploy key and repository administrator access. Affected versions are 3.11–3.12; remediation is to upgrade to 3.11.8 or 3.12.2. In...

CVE-2024-3470 Repository administrator can bypass organization's ruleset using deploy keys

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as we...

PT-2024-26117 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.11 through 3.12 Description: An Improper Privilege Management issue was identified in GitHub Enterprise Server, allowing an attacker to bypass an organization ruleset using a deploy key. The attacker would...