22 matches found
EUVD-2022-3909
Malicious code in bioql PyPI...
EUVD-2023-2844
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-46673
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate...
GitLab 13.0 < 13.3.9 / 13.4.0 < 13.4.5 / 13.5.0 < 13.5.2 (CVE-2020-13351)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affecte...
BIT-ELASTICSEARCH-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
SUSE CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
A flaw was found in Elasticsearch. A malicious script used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Mitigation No mitigation is yet available for this flaw...
Elasticsearch Improper Handling of Exceptional Conditions
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
Code injection
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
UBUNTU-CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API...
CVE-2023-46673
CVE-2023-46673 affects Elastic Elasticsearch. Malformed scripts in the script processor of an Ingest Pipeline can cause an Elasticsearch node to crash when calling the Simulate Pipeline API, enabling a denial of service. The vulnerability is tied to the Simulate Pipeline API handling and may impa...
io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)
org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...
plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...
plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...
PT-2022-26893 · Jenkins · Jenkins Pipeline: Supporting Apis Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Supporting APIs Plugin versions 838.va 3a 087b 4055b and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the Jenkins Pipeline: Supporting APIs Plugin does not...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...
GHSA-G74W-93CP-5P3P Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
When pipelines are created using the pipeline creation wizard in Blue Ocean, the credentials used are stored in the per-user credentials store of the user creating the pipeline. To allow pipelines to use this credential to scan repositories and checkout from SCM, the Blue Ocean Credentials Provid...
CVE-2020-13351
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...