2314 matches found
CVE-2021-21664
CVE-2021-21664 affects the Jenkins XebiaLabs XL Deploy Plugin up to version 10.0.1, where an incorrect permission check allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs, enabling access to username/password credential...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2021-21662
Summary: CVE-2021-21662 affects Jenkins XebiaLabs XL Deploy Plugin (≤10.0.1). Root cause: missing permission check in a form-validation path permits attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. Impact: information disclosure of credential identifiers; could enable c...
PT-2021-14706 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 7.5.8 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins XebiaLabs XL Deploy Plugin version 7.5.8 and earlier versions that allows an...
Jenkins Security Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has a security vulnerability that stems from missing permission checks in Jenkins...
Jenkins Authorization Issue Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has an authorization issue vulnerability that stems from incorrect privilege checking ...
PT-2021-14705 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This issue is...
PT-2021-14708 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through...
PT-2021-14707 · Xebialabs +1 · Jenkins Xebialabs Xl Deploy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin versions 10.0.1 and earlier. Description: An incorrect permission check in the Jenkins XebiaLabs XL Deploy Plugin allows attackers with Generic Create permission to connect to an attacker-specified URL using...
Security Bulletin: IBM UrbanCode Deploy (UCD) stores keystore passwords in plain text after a manual edit, which can be read by a local user.
Summary: IBM UrbanCode Deploy (UCD) leaves keystore passwords in plain text after a manual edit, which may be read by a local user. Vulnerability Details: CVEID: CVE-2020-4944. DESCRIPTION: IBM UrbanCode Deploy (UCD) stores keystore passwords in plain text after a manual edit, which can be re...
CVE-2021-3495
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster to deploy a kiali operand to use this vulnerability and deploy a given image to anywhere in the cluster, potential...
Insecure Permissions in Gogs
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...
Missing Authorization
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks...
Kiali-operator Security Vulnerability
kiali-operator is a software application. It is used to build operator images and push the built images to Quay.io. A security vulnerability exists in Kiali-operator. The vulnerability allows an attacker to deploy a given image to any location in a cluster, potentially gaining access to privilege...
CVE-2021-29475
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, this exploit requires the attacker's ability t...
Security Bulletin: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating
Summary: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. Vulnerability Details: Refer t...
Directory Traversal
jetty-deploy is vulnerable to directory traversal. The vulnerability exists through the WebAppProvider filter as it does not canonicalize files passed in from the scanner, allowing access to files outside of its working directory...
IBM UrbanCode Deploy elevation of privilege vulnerability (CNVD-2021-26382)
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...