20 matches found
EUVD-2022-5373
Malicious code in bioql PyPI...
New Pacu Module: Secret Enumeration in Elastic Beanstalk
The post New Pacu Module: Secret Enumeration in Elastic Beanstalk appeared first on Rhino Security Labs...
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-VJR6-CQ22-M4Q5 Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
AWS Elastic Beanstalk Dockerrun Detected
AWS Elastic Beanstalk is a Platform-as-a-Service PaaS feature provided by Amazon Web Services which allows developers to quickly deploy their web applications in various predefined environments Java, .NET, PHP... without managing the underlying infrastructure configuration. AWS Elastic Beanstalk...
rockymountainelk-prod.mtzk9mbhu8.us-east-1.elasticbeanstalk.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1155100 Security Researcher geeknik Helped patch 8815 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations, a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
Dufflebag - Search Exposed EBS Volumes For Secrets
Dufflebag is a tool that searches through public Elastic Block Storage EBS snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around! The tool is organized as an Elastic Beanstalk "EB", not to be confused with EBS...
toolboxstage-env.elasticbeanstalk.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1025812 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CloudBees Jenkins AWS Elastic Beanstalk Publisher Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks. AWS Elastic Beanstalk Publisher Plugin is used in which a z...
Design/Logic Flaw
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003052
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003052
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003052
CVE-2019-1003052 affects the Jenkins AWS Elastic Beanstalk Publisher Plugin. The credential data is stored in plaintext in the plugin’s global configuration file on the Jenkins master/controller (org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml), allowing any user with master filesy...
PT-2019-11342 · Jenkins · Jenkins Aws Elastic Beanstalk Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins AWS Elastic Beanstalk Publisher Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller...
heatmaprestapi-production.eu-west-1.elasticbeanstalk.com XSS vulnerability
Open Bug Bounty ID: OBB-624731 Description| Value ---|--- Affected Website:| heatmaprestapi-production.eu-west-1.elasticbeanstalk.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting /...
tpt-staging.us-east-1.elasticbeanstalk.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-539136 Description| Value ---|--- Affected Website:| tpt-staging.us-east-1.elasticbeanstalk.com Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Disclosure...
tpt-staging.us-east-1.elasticbeanstalk.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-539084 Description| Value ---|--- Affected Website:| tpt-staging.us-east-1.elasticbeanstalk.com Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Disclosure...
Starbucks: Persistent XSS in www.starbucks.com
There is a persistent XSS in https://www.starbucks.com/coffee/espresso/latte-macchiato It is caused by loading scripts from: //starbucksmacchiato-prod.elasticbeanstalk.com/scripts/bn-v1.0.0-Release-min.js Note that starbucksmacchiato-prod.elasticbeanstalk.com is not registered on elastic beanstal...
AWS Elastic Beanstalk Code Execution
From: http://en.wooyun.org/bugs/wooyun-2013-040 Abstract: AWS Elastic Beanstalk is an even easier way for you to quickly deploy and manage applications in the AWS cloud. elasticbeanstalk subdomain exists Struts2 code execution. Details: poc return /ok:...
Amazon Web Service Down, No Timeline for Remedy
Amazon Web Service’s AWS Elastic Compute Cloud EC2, based in Northern Virginia, went offline early this morning, taking with it a number of popular sites including, news aggregator Reddit and question and answer site and TechCrunch darling, Quora. The Web hosting firm’s Relational Database Service...