13 matches found
kas checks out SHA-like git branches as valid commits
Impact: When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
...
Tuleap Security Vulnerability
Tuleap is an open source application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. A security vulnerability exists in Tuleap Community versions prior to 13.10.99.82, Tuleap Enterprise versio...
Jenkins List Git Branches Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects, and the Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier is vulnerable to a cross-site...
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches and more' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-27212
CVE-2022-27212 concerns Jenkins List Git Branches Parameter Plugin versions 0.0.9 and earlier. The vulnerability is a stored cross-site scripting (XSS) flaw caused by the plugin’s failure to escape the names of the List Git branches (and more) parameter. An attacker with Item/Configure permission...
Jenkins List Git Branches Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building and deploying projects, and the Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier is vulnerable to a cross-site...
PT-2022-18300 · Jenkins · Jenkins List Git Branches Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins List Git Branches Parameter Plugin versions 0.0.9 and earlier. Description: The issue results from the failure to escape the name of the 'List Git branches and more' parameter, leading to a stored cross-site scripting (XSS) vulnerability...
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execute Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...