CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

CVE-2023-34189 Apache InLong: General user can delete and update process

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to...

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

CVE-2023-36867 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

...

PT-2023-3989 · Microsoft · Visual Studio Code Github Pull Requests/Issues Extension

Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension affected versions not specified Description: The issue is related to errors in processing input data in the Visual Studio Code GitHub Pull Requests and Issues Extension. Exploitatio...

GHSA-757P-7HP5-PQMR Apache InLong Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to...

Apache InLong Deserialization of Untrusted Data Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the autoDeserialize option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pic...

Synapse does not apply enough checks to servers requesting auth events of events in a room

Impact Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorisation events of events in a room. This is necessary so that a homeserver receiving some events can validate that those...

Default credentials

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password with any character or symbol, attackers can easily guess the user's password and access the...

Session fixation

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to...

CVE-2023-31062 Apache InLong: Privilege escalation vulnerability for InLong

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid but unprivileged account, the exploit can be executed using Burp Suite by sending a login request and...

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

GHSA-W4V5-54P8-M4J5 Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

GHSA-M6Q8-MWF6-6MMC CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

Jenkins Plugin GitHub Pull Request Coverage Status 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin GitHub Pul...

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin GitHub Pull Request Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...