30 matches found
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes...
CVE-2022-37164
CVE-2022-37164 affects Inoda OnTrack version 3.4. The issue is a weak password policy that enables brute-force access and password hashes stored without salt or pepper, making cracking with tools like hashcat feasible. This combination creates a risk of unauthorized access to the application. The...
PT-2022-23852 · Inoda · Inoda Ontrack
Name of the Vulnerable Software and Affected Versions: Inoda OnTrack version 3.4 Description: The issue is related to a weak password policy, allowing potential unauthorized access via brute-force attacks. User passwords are hashed without a salt or pepper, making it easier for tools like hashcat...
OnTrack 安全漏洞
OnTrack is a simple self-hosted budget application from the individual developer Isaac Noda. OnTrack version v3.4 suffers from a security vulnerability that stems from the use of a weak password policy that allows an attacker to potentially gain unauthorized access to the application through brut...
GHSA-6882-385P-HHHW Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
Cross site scripting
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
CVE-2022-34192
CVE-2022-34192 affects Jenkins ontrack Jenkins Plugin 4.0.0 and earlier. The vulnerability is a stored cross-site scripting (XSS) flaw where the plugin fails to escape the names of specific Ontrack parameters (Multi Parameter, Parameter, and SingleParameter) on views that display parameters. This...
PT-2022-22061 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Jenkins Plugin versions 4.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name of certain parameters on views displaying parameters...
Sandbox bypass in ontrack Jenkins Plugin
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
GHSA-QW28-G63M-JXQV Sandbox bypass in ontrack Jenkins Plugin
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...