Lucene search
K

117 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.30 views

Oracle Application Testing Suite DoS (January 2024 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the January 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...

7.5CVSS6.1AI score0.01303EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.40 views

Oracle Application Testing Suite DoS (October 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the October 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...

7.7CVSS7.9AI score0.1158EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.31 views

Oracle Application Testing Suite (Jul 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apach...

9.8CVSS7.2AI score0.66537EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.38 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

7.5CVSS6.8AI score0.10448EPSS
Exploits0References5
OSV
OSV
added 2023/04/02 9:30 p.m.15 views

GHSA-WQ3W-3RXH-VCXX Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier does not require POST requests for a connection test HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS4.8AI score0.00361EPSS
Exploits0References2
OSV
OSV
added 2023/04/02 9:30 p.m.15 views

GHSA-X263-HP5C-P2RJ Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints do not...

4.3CVSS8.7AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2023/04/02 9:30 p.m.22 views

GHSA-J9H4-P6P7-8652 Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2023/04/02 9:30 p.m.19 views

GHSA-MJG3-2V66-P34J Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

4.3CVSS4.6AI score0.00409EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.27 views

Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier does not require POST requests for a connection test HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS5.3AI score0.00361EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.23 views

Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints ...

4.3CVSS5.3AI score0.00425EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.22 views

Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture

OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score0.00509EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.28 views

Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...

4.3CVSS5.2AI score0.00409EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/02 9:30 p.m.28 views

Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery

OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints do not...

8.8CVSS8.2AI score0.00362EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/02 9:15 p.m.24 views

CVE-2023-28675

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

4.3CVSS4.8AI score0.00425EPSS
Exploits0References1
NVD
NVD
added 2023/04/02 9:15 p.m.24 views

CVE-2023-28674

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials...

8.8CVSS8.7AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2023/04/02 9:15 p.m.4 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2023/04/02 9:15 p.m.32 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.6AI score0.00509EPSS
Exploits0References1
NVD
NVD
added 2023/04/02 9:15 p.m.28 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.8AI score0.00409EPSS
Exploits0References1
Prion
Prion
added 2023/04/02 9:15 p.m.19 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3CVSS4.5AI score0.00361EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/02 9:15 p.m.16 views

Design/Logic Flaw

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4CVSS6.2AI score0.00509EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder