jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure

A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations...

PT-2020-15536 · Jenkins · Jenkins Mercurial Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier Jenkins Mercurial Plugin versions prior to 2.12 Description: A missing permission check in the Jenkins Mercurial Plugin allows attackers with Overall/Read permission to obtain a list of names...

New Malware, JKDDOS, Targets Commodities Investment Firms

Researchers at Arbor Networks say they have discovered unique samples of a new family of malware that is targeting large investmen firms with holdings in the commodities markets, especially the mining industry. The malware, dubbed ‘JKDDOS,’ is used to launch distributed denial of service DDOS...