4345 matches found
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...
CVE-2023-40340
Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...
Jenkins Plugin NodeJS 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-5741 · Jenkins · Jenkins Nodejs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NodeJS Plugin versions 1.6.0 and earlier Description: The issue is related to the improper masking of credentials in the Npm config file in Pipeline build logs. This could allow a remote attacker to gain unauthorized access to protect...
CVE-2023-23919 affecting package nodejs 14.21.1-3
CVE-2023-23919 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-23918 affecting package nodejs 14.21.1-3
CVE-2023-23918 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-23920 affecting package nodejs 14.21.1-3
CVE-2023-23920 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-32006 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32006 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-27941 CVE-2023-32006 affecting package nodejs for versions less than 16.20.2-2
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
AZL-27926 CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
ALPINE-CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32004 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32004 vulnerabilities
Vulnerabilities for packages: nodejs...
DEBIAN-CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
CVE-2023-32003 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-32003 vulnerabilities
Vulnerabilities for packages: nodejs...
SUSE CVE-2023-32003
fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the...
SUSE CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
CVE-2023-32558
A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the permission model through path traversal. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...