CVE-2023-27898

Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

Jenkins 安全漏洞

Jenkins Plugin is an open source application for Jenkins. A security vulnerability exists in Jenkins Plugin HashiCorp Vault Plugin 3.7.0 that stems from the fact that Jenkins HashiCorp Vault Plugin 3.7.0 or earlier does not block the pipeline when Pipeline: Groovy Plugin 2.85 or later is installe...

Fedora 17 : glpi-0.83.4-1.fc17 / glpi-data-injection-2.2.2-1.fc17 / etc (2012-10661)

The official GLPI 0.83.3 version is now available from download This version correct several minor bugs and a security bug. You are stongly encouraged to update your actual version. Thanks to Prajal Kulkarni. Upstream Changelog Version 0.83.31 - Bug 3633: Check rights for massive actions for...

SocialEngine 4.2.2 - Multiple Vulnerabilities

Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...