398 matches found
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
CVE-2024-2216
CVE-2024-2216 affects the Jenkins docker-build-step Plugin (versions 2.11 and earlier). The issue is a missing permission check on an HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL and to reconfigure the plugin using the p...
Design/Logic Flaw
alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the http://192.168.26.128:8080/admin/api/users/ endpoint, which exposes the details of the provided user ID. This may...
FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30310)
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-acknerr-request POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This plugin...
FESTO Hardware Controller, Hardware Servo Press Kit Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-30311)
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-refresh-request POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. This plugin...
Missing Permission Check
org.jenkins-ci.plugins:scriptler is vulnerable to a Missing Permission Check. The vulnerability is due to a missing permission check in a HTTP end point which allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
Jenkins Nexus Platform Plugin missing permission check
Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50764
CVE-2023-50764 concerns the Jenkins Scriptler Plugin (versions 342.v6a_89fd40f466 and earlier). The vulnerability stems from an unrestricted file-name query parameter in an HTTP endpoint, which, if an attacker has Scriptler/Configure permission, can lead to deletion of arbitrary files on the Jenk...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
Jenkins Scriptler Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Design/Logic Flaw
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
Security Notice: Triton Inference Server - November 2023
This notice is regarding Triton Inference Server. Go to NVIDIA Product Security. December 4, 2023: Triton Inference Server is designed for flexibility and allows developers to create and deploy inferencing solutions in various ways. Triton Inference Server enables teams to deploy any AI model fro...
GHSA-PH87-4X2G-6HP4 Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
DEBIAN-CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint usually listening on port 8123 by default, causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...