2310 matches found

Positive Technologies
added 2019/04/18 12:0 a.m. · 5 views

PT-2019-11707 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin affected versions not specified Description: A missing permission check in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connecti...

CVSS 6.5 · AI score 6.2 · EPSS 0.01051
Exploits 0 · References 6

Positive Technologies
added 2019/04/18 12:0 a.m. · 3 views

PT-2019-11706 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin affected versions not specified Description: A cross-site request forgery issue in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an...

CVSS 6.5 · AI score 6.2 · EPSS 0.00888
Exploits 0 · References 7

Packet Storm
added 2019/04/10 12:0 a.m. · 115 views

Apache Axis 1.4 Remote Code Execution

Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis Author: David Yesland @daveysec, Rhino...

AI score 0.2 · EPSS 0.86503
Exploits 7

NVD
added 2019/04/04 4:29 p.m. · 17 views

CVE-2019-10296

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 8.8 · AI score 8.7 · EPSS 0.01773
Exploits 0 · References 3

Prion
added 2019/04/04 4:29 p.m. · 12 views

Design/Logic Flaw

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 4 · AI score 8.6 · EPSS 0.01773
Exploits 0 · References 3

CVE
added 2019/04/04 3:38 p.m. · 53 views

CVE-2019-10296

CVE-2019-10296 affects the Jenkins Serena SRA Deploy Plugin. The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration on the Jenkins master, specifically in the UrbanDeployPublisher.xml file, which can be read by anyone with access to the Jenkins con...

CVSS 8.8 · AI score 8.6 · EPSS 0.01773
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2019/04/04 3:38 p.m. · 17 views

CVE-2019-10296

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

AI score 8.7 · EPSS 0.01773
Exploits 0 · References 3

Positive Technologies
added 2019/04/04 12:0 a.m. · 2 views

PT-2019-11698 · Jenkins · Jenkins Serena Sra Deploy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Serena SRA Deploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...

CVSS 8.8 · AI score 8.5 · EPSS 0.01773
Exploits 0 · References 5

IBM Security Bulletins
added 2019/04/03 7:55 p.m. · 37 views

Security Bulletin: An Authenticated Agent Can Modify Another Agent's Properties (CVE-2018-1995)

Summary Old versions of UrbanCode Deploy web agents can allow unauthorized property modification of other agents. Vulnerability Details CVEID: CVE-2018-1995 Details: An authenticated agent can modify another agent's properties using a specially crafted request. Consequences: Agent properties can ...

CVSS 7.5 · AI score 4 · EPSS 0.1684
Exploits 0 · Affected Software 1

Veracode
added 2019/03/25 8:40 a.m. · 24 views

Authentication Bypass

Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and passwor...

CVSS 10 · AI score 7.1 · EPSS 0.0419
Exploits 0 · References 5 · Affected Software 1

OSV
added 2019/02/20 3:29 a.m. · 3 views

CVE-2019-8944

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 and before 2018.10.4 LTS allows remote authenticated users to view sensitive Terraform output variables via log files...

CVSS 6.5 · AI score 6.7 · EPSS 0.01548
Exploits 0 · References 2

Prion
added 2019/02/20 3:29 a.m. · 17 views

Information disclosure

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 and before 2018.10.4 LTS allows remote authenticated users to view sensitive Terraform output variables via log files...

CVSS 4 · AI score 6.1 · EPSS 0.01548
Exploits 0 · References 2 · Affected Software 2

NVD
added 2019/02/20 3:29 a.m. · 17 views

CVE-2019-8944

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 and before 2018.10.4 LTS allows remote authenticated users to view sensitive Terraform output variables via log files...

CVSS 6.5 · AI score 6.2 · EPSS 0.01548
Exploits 0 · References 2

Cvelist
added 2019/02/20 3:0 a.m. · 19 views

CVE-2019-8944

An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 and before 2018.10.4 LTS allows remote authenticated users to view sensitive Terraform output variables via log files...

AI score 6.2 · EPSS 0.01548
Exploits 0 · References 2

CVE
added 2019/02/20 3:0 a.m. · 53 views

CVE-2019-8944

The CVE-2019-8944 entry concerns Octopus Deploy’s Terraform deployment step prior to 2019.1.8 (and before 2018.10.4 LTS), where remote authenticated users can view sensitive Terraform output variables via log files. The affected component is the Terraform deployment step; root cause is informatio...

CVSS 6.5 · AI score 6.1 · EPSS 0.01548
Exploits 0 · References 2 · Affected Software 2

IBM Security Bulletins
added 2019/02/12 6:40 p.m. · 27 views

Security Bulletin: Publicly Disclosed Vulnerability Found By vFinder (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID: CVE-2017-7658 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sendin...

CVSS 9.8 · AI score 0.3 · EPSS 0.20985
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2019/01/10 7:5 p.m. · 41 views

Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-11784)

Summary Previous releases of IBM UrbanCode Deploy are affected by multiple vulnerabilities in Apache Tomcat. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default...

CVSS 7.5 · AI score 0.8 · EPSS 0.94494
Exploits 3 · Affected Software 1

OSV
added 2019/01/07 4:29 p.m. · 31 views

CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a...

CVSS 9.8 · AI score 9.4 · EPSS 0.0748
Exploits 0 · References 2

CVE
added 2019/01/07 4:0 p.m. · 98 views

CVE-2018-11788

Apache Karaf contains an XXE vulnerability in its XMLInputFactory used by the features deployer. The XMLInputFactory does not implement mitigation against external entities, enabling potential XML External Entity Injection in Karaf versions prior to 4.1.7 and prior to 4.2.2. First fixed in Karaf ...

CVSS 9.8 · AI score 9.3 · EPSS 0.0748
Exploits 0 · References 2 · Affected Software 1

Prion
added 2018/12/05 6:29 p.m. · 14 views

Default credentials

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry...

CVSS 4 · AI score 8.5 · EPSS 0.01579
Exploits 0 · References 1 · Affected Software 1