Synapse does not apply enough checks to servers requesting auth events of events in a room

Impact Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorisation events of events in a room. This is necessary so that a homeserver receiving some events can validate that those...

Default credentials

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password with any character or symbol, attackers can easily guess the user's password and access the...

CVE-2023-31062 Apache InLong: Privilege escalation vulnerability for InLong

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

GHSA-W4V5-54P8-M4J5 Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitHub Pul...

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

PT-2023-19594 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000142 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000142...

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000186 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000186...

Microsoft Visual Studio Code 代码注入漏洞

Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Visual Studio Code, which stems from a GitHub pull request and a remote code execution vulnerability in the extension in question...

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...

Arbitrary File Write via Archive Extraction

Overview Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later. References - GitHub Pull Request - Zip Slip...