CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
CVE-2022-37164 affects Inoda OnTrack version 3.4. The issue is a weak password policy that enables brute-force access and password hashes stored without salt or pepper, making cracking with tools like hashcat feasible. This combination creates a risk of unauthorized access to the application. The...
PT-2022-23852 · Inoda · Inoda Ontrack
Name of the Vulnerable Software and Affected Versions: Inoda OnTrack version 3.4 Description: The issue is related to a weak password policy, allowing potential unauthorized access via brute-force attacks. User passwords are hashed without a salt or pepper, making it easier for tools like hashcat...
OnTrack security vulnerability
OnTrack is a simple self-hosted budget application from the individual developer Isaac Noda. OnTrack version v3.4 suffers from a security vulnerability that stems from the use of a weak password policy that allows an attacker to potentially gain unauthorized access to the application through brut...
Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
GHSA-6882-385P-HHHW Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
CVE-2022-34192 affects Jenkins ontrack Jenkins Plugin 4.0.0 and earlier. The vulnerability is a stored cross-site scripting (XSS) flaw where the plugin fails to escape the names of specific Ontrack parameters (Multi Parameter, Parameter, and SingleParameter) on views that display parameters. This...
PT-2022-22061 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Jenkins Plugin versions 4.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name of certain parameters on views displaying parameters...
GHSA-QW28-G63M-JXQV Sandbox bypass in ontrack Jenkins Plugin
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...