25 matches found

NVD
added 2026/03/11 5:16 p.m. · 5 views

CVE-2026-20165

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

CVSS 6.5 · EPSS 0.00166
Exploits: 0 · References: 1

ATTACKERKB
added 2026/03/11 4:17 p.m. · 3 views

CVE-2026-20165

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

CVSS 6.3 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 2 · Affected Software: 2

Positive Technologies
added 2026/03/11 12:0 a.m. · 5 views

PT-2026-24737

In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold the "admin" or "power" Splunk roles could retrieve sensitive information by inspectin...

CVSS 6.3 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-29470

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 · References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log CVE-2020-13340 Note that Nessus reli...

CVSS 8.7 · AI score 7.6 · EPSS 0.68639
Exploits: 0 · References: 2

NVD
added 2025/07/24 7:15 a.m. · 5 views

CVE-2025-1299

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVSS 4.3 · EPSS 0.00298
Exploits: 0 · References: 2

Cvelist
added 2025/07/24 6:33 a.m. · 7 views

CVE-2025-1299 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVSS 4.3 · EPSS 0.00298
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/24 6:33 a.m. · 3 views

CVE-2025-1299 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVSS 4.3 · AI score 6 · EPSS 0.00298
Exploits: 0 · References: 2

OSV
added 2025/07/24 6:33 a.m. · 5 views

CVE-2025-1299 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVSS 4.3 · AI score 6.2 · EPSS 0.00298
Exploits: 0 · References: 5

OSV
added 2025/07/21 7:12 p.m. · 4 views

GHSA-MJ96-MH85-R574 buildalon/setup-steamcmd leaked authentication token in job output logs

Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

CVSS 8.7 · AI score 6.8
Exploits: 0 · References: 3

GitHub Security Blog
added 2025/07/21 7:12 p.m. · 4 views

buildalon/setup-steamcmd leaked authentication token in job output logs

Summary: Log output includes authentication token that provides full account access. Details: The post job action prints the contents of config/config.vdf which holds the saved authentication token and can be used to sign in on another machine. This means any public use of this action leaves...

AI score 6.8
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/11/20 7:10 a.m. · 14 views

BIT-HARBOR-2022-31671 Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...

CVSS 7.4 · AI score 7.2 · EPSS 0.00513
Exploits: 0 · References: 3

NVD
added 2024/11/14 12:15 p.m. · 18 views

CVE-2022-31671

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...

CVSS 7.4 · EPSS 0.00513
Exploits: 0 · References: 2

OSV
added 2024/11/14 12:15 p.m. · 14 views

CVE-2022-31671

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...

CVSS 7.4 · AI score 6.4
Exploits: 0 · References: 2

CNNVD
added 2024/11/14 12:0 a.m. · 6 views

Harbor authorization issue vulnerability

Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policy and role-based access control to ensure that images are scanned and are not vulnerable, and that images are signed as trusted. Harbor suffers from an authorization issue vulnerability that stems from...

CVSS 7.4 · AI score 6.5 · EPSS 0.00513
Exploits: 0 · References: 1

OSV
added 2024/03/06 11:14 a.m. · 29 views

BIT-GITLAB-2022-3279

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

CVSS 6.5 · AI score 6.2 · EPSS 0.00946
Exploits: 0 · References: 4

Veracode
added 2023/08/06 5:37 a.m. · 23 views

Denial Of Service (DoS)

GitLab is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to prevent access to job logs due to an unhandled exception in job log parsing, which causes the application to crash...

CVSS 6.5 · AI score 6.8 · EPSS 0.00946
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/03/28 9:30 p.m. · 20 views

GHSA-C4JR-VJM4-27HQ Veracode Scan Jenkins Plugin vulnerable to information disclosure

Veracode Scan Jenkins Plugin before 23.3.19.0 is vulnerable to information disclosure of proxy credentials in job logs under specific configurations. Users are potentially affected if they: - are using Veracode Scan Jenkins Plugin prior to 23.3.19.0 - AND have configured Veracode Scan to run on...

CVSS 4.4 · AI score 5.3 · EPSS 0.00647
Exploits: 0 · References: 5

Positive Technologies
added 2023/03/28 12:0 a.m. · 6 views

PT-2023-20273 · Veracode · Veracode Scan Jenkins Plugin

Name of the Vulnerable Software and Affected Versions: Veracode Scan Jenkins Plugin versions prior to 23.3.19.0 Description: The issue allows users with access to view the job log to discover proxy credentials under specific configurations. This includes when the "Connect using proxy" option is...

CVSS 6.5 · AI score 5.6 · EPSS 0.00647
Exploits: 0 · References: 7

Tenable Nessus
added 2022/10/20 12:0 a.m. · 40 views

GitLab < 15.2.5 (CVE-2022-3279)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

CVSS 6.5 · AI score 6.5 · EPSS 0.00946
Exploits: 0 · References: 4