1320 matches found
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability
...
CVE-2023-36869
CVE-2023-36869 corresponds to a spoofing vulnerability in Microsoft Azure DevOps Server. Connected sources specify that the flaw allows an attacker to pretend to be another user, i.e., UI spoofing, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (base 6.3). The vulnerability is c...
Azure DevOps Server Spoofing Vulnerability
...
Microsoft Azure DevOps Server 安全漏洞
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. The Microsoft Azure DevOps Server spoofing vulnerability can be exploited by attackers...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to impersonate another user, potentially gaining access gain access to sensitive data in the victim's context, or execute code with the victim's privileges. Successful exploitation...
KLA51717 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing...
PT-2023-25730 · Microsoft · Azure Devops Server
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to a spoofing vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-wor...
Missing authorization in Jenkins Plug-in for ServiceNow
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
GHSA-CJ2X-R74Q-VCX9 Missing authorization in Jenkins Plug-in for ServiceNow
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3414
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...
CVE-2023-3442
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3442
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3414
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...
Authorization
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3442
CVE-2023-3442 affects the Jenkins Plug-in for ServiceNow DevOps prior to version 1.38.1. The issue is a missing authorization check that could allow exposure of sensitive information when exploited. The advisory explicitly recommends updating the plugin on Jenkins servers to 1.38.1; no changes ar...
CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow...
CVE-2023-3414 Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...
CVE-2023-3414 Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...