Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...
EUVD-2023-2710
Malicious code in bioql PyPI...
PT-2023-30144 · Cloudbees +1 · Jenkins Cloudbees Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees CD Plugin versions 1.1.32 and earlier Description: The issue allows attackers who can configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. This i...
CVE-2022-29244 npm packing does not respect root-level ignore files in workspaces
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag, i.e. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...
unprivileged user can publish a private file
Description: A user who doesn't have any access to a file can publish the file, and then an unauthenticated user can download that file. Proof of Concept: 1. From the admin account, add a new user called user-B as content Authors. Now give user-B permission in the page section only. Don't give files permission. So,...