SUSE-SU-2026:2256-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

EUVD-2023-1512

Malicious code in bioql PyPI...

Arbitrary Code Injection

github.com/ansible-semaphore/semaphore is vulnerable to Arbitrary Code Injection. The vulnerability exists in makeCmd function at AnsiblePlaybook.go which allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

GHSA-3R32-CP7V-5WQ4 Code injection in ansible semaphore

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

Code injection

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

PT-2023-5312 · Ansible · Ansible

Name of the Vulnerable Software and Affected Versions: ansible semaphore version 2.8.90 Description: The issue in ansible semaphore allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. This is related to incorrect code generation management in...

CVE-2023-39059

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter...

GHSA-97WP-63WQ-HFWH Jenkins Ansible Plugin job configuration form does not mask variables

Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...

CVE-2023-32983

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-32983

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2023-32982

Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

PT-2023-24115 · Jenkins · Jenkins Ansible Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb f and earlier Description: The issue concerns the storage of extra variables, often used to pass secrets, in an unencrypted manner in job config.xml files on the Jenkins controller. These...

PT-2023-24116 · Jenkins · Jenkins Ansible Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb f and earlier Description: The issue concerns the Jenkins Ansible Plugin, which allows the specification of extra variables that can be passed to Ansible, commonly used to pass secrets. These...