39 matches found
XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests
Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the LiveTableResults, it is still possible to discover password hashes one bit at a time, so with 768 requests, the full password salt and hash can be retrieved of a user...
EUVD-2019-3253
Malware in sbrugna...
EUVD-2019-6100
Malware in sbrugna...
EUVD-2022-4699
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an...
CVE-2022-2761
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown GFM references in a Jira issue to disclose the names of resources they don't have access to...
CVE-2019-1003054
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Malicious code in autolink-jira-issue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10553 Malicious code in autolink-jira-issue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d899824dec6a9efaddf4482f495ca1b557fc0ec18d4371e0214c6397fd95ee71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Bug Fix Advisory: Multicluster Engine for Kubernetes 2.5.5 bug fix updates
Multicluster Engine for Kubernetes 2.5.5 General Availability release images, which fix bugs and update container images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data...
GHSA-2FR7-CC7P-P45Q Data leak of password hash through change requests
Impact Change request allows to edit any page by default, and the changes are then exported in an XML that anyone can download. So it's possible for an attacker to obtain password hash of users by performing edition of the user profiles and then downloading the XML that has been created. This is...
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...
GHSA-5MF8-V43W-MFXP XWiki Platform privilege escalation (PR) from account through AWM content fields
Impact Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. The problem is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field,...
aardvark-dns security update
runc 1:1.1.4-1.0.1 - rootless: fix /sys/fs/cgroup mounts to prevent CVE-2023-25809 - rootfs: prohibit symlinks that conflicts with readonlyPaths and/or maskedPaths to prevent CVE-2023-27561 - Prohibit /proc and /sys to be symlinks to prevent CVE-2023-28642 - JIRA: OLDIS-25589...
GHSA-6XXR-648M-GCH6 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
GitLab 13.9 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Information Exposure Vulnerability
GitLab is prone to an information exposure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...
Information disclosure
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown GFM references in a Jira issue to disclose the names of resources they don't have access to...
CVE-2022-2761
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown GFM references in a Jira issue to disclose the names of resources they don't have access to...
PT-2022-18514 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 Description: An information disclosure issue in GitLab CE/EE allows an attacker to use GitLab Flavored Markdown GFM...