4 matches found

NVD • added 2023/01/26 9:18 p.m. • 16 views

CVE-2023-24449

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 • AI score 4.5 • EPSS 0.00661
Exploits: 0 • References: 1

Code423n4 • added 2022/07/17 12:0 a.m. • 14 views

There is no method to unignore any ignored pair.

Lines of code. Vulnerability details. Impact: The Witch contract uses setIgnoredPair function to prevent the liquidation of accepted pairs on the governance level. However, there is no method to remove these pairs from the ignoredPairs mapping. Proof of Concept: Imagine there are vaults with UST/fyUS...

AI score 6.7
Exploits: 0

OSV • added 2022/01/13 12:1 a.m. • 25 views

GHSA-GQM2-2GCX-P88W Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin

Jenkins Credentials Binding Plugin prior to 1.27.1 and 1.24.1 does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file. Credentials...

CVSS 4.3 • AI score 4.7 • EPSS 0.00029
Exploits: 0 • References: 6

securityvulns • added 2011/02/28 12:0 a.m. • 36 views

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System

Issued: February 23, 2011. Updated: February 24, 2011. CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow ...

CVSS 8.8 • AI score 0.3 • EPSS 0.03817
Exploits: 0