wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
It was found that Wildfly users had default user permissions set incorrectly. A malicious user could use this flaw to access unauthorized controls for the application server...
Malicious Package
Overview: appdeployer is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using appdeployer...
CVE-2020-2155
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
Design/Logic Flaw
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-2155
CVE-2020-2155 affects Jenkins OpenShift Deployer Plugin (versions 1.2.0 and earlier). The root cause is that credentials are transmitted in plain text via the global Jenkins configuration form, potentially exposing them (e.g., through browser extensions or XSS). Credentials are stored encrypted o...
PT-2020-15372 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to the transmission of configured credentials in plain text as part of the global Jenkins configuration form. This potentially results in their...
CloudBees Jenkins WebSphere Deployer Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WebSphere Deployer Plugin is used in which a...
CVE-2020-2108
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions...
CVE-2020-2108
CVE-2020-2108 affects Jenkins WebSphere Deployer Plugin 1.6.1 and earlier. The root cause is that the XML parser is not configured to disable XML External Entity (XXE) processing, allowing XXE exploitation. An attacker with Job/Configure permissions can upload a specially crafted WAR containing WEB-INF/i...
PT-2020-15315 · Jenkins · Jenkins Websphere Deployer Plugin +1
Content removed...
Red Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities
The version of Red Hat JBoss Enterprise Application Platform EAP installed on the remote host is 7.x prior to 7.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the RHSA-2019:4021 advisory: - undertow: HTTP/2: large amount of data requests leads to denial of service...
CloudBees Jenkins WebSphere Deployer Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WebSphere Deployer Plugin is used in which a...
CloudBees Jenkins WebSphere Deployer Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WebSphere Deployer Plugin is used in which a...
CloudBees Jenkins WebSphere Deployer Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. WebSphere Deployer Plugin is used in which a...