Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Multiple Plugins from Wow-Company - Reflected XSS
The plugins do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged in admin open a page with the code below. The XSS will be triggered when pressing...
Multiple Plugins from Wow-Company - Reflected XSS
The plugins do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page with the code below. The XSS will be triggered when pressing...
Information Disclosure
org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access to sensitive user information such as the existence of an attacker-specified file path on an agent file system...
WordPress Plugin Groundhogg Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Groundhogg < 2.7.9.8 - Disable All Plugins via CSRF
The plugin does not have a CSRF check when enabling Safe-mode on the plugin, which could allow attackers to make logged-in admins perform such an action via a CSRF attack, leading to disabling all other plugins...
jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin
A Cross-site scripting (XSS) vulnerability was found in a Jenkins plugin. This issue may allow an authenticated remote attacker to create Pipelines...
Critical: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Oracle Linux 9 : gstreamer1-plugins-good (ELSA-2023-2260)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2260 advisory. 1.18.4-6 - Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 Resolves: rhbz2131034,...
gstreamer1-plugins-good security update
1.18.4-6 - Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 Resolves: rhbz2131034, rhbz2131039, rhbz2131045, rhbz2131049, rhbz2131054, rhbz2131060, rhbz2131064...
Oracle Linux 9 : containernetworking-plugins (ELSA-2023-2367)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2367 advisory. 1:1.2.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: 2124478 Tenable has extracted the preceding...
containernetworking-plugins security and bug fix update
1:1.2.0-1 - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: 2124478...
AlmaLinux 9 : gstreamer1-plugins-good (ALSA-2023:2260)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2260 advisory. - Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potentia...
AlmaLinux 9 : containernetworking-plugins (ALSA-2023:2367)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2367 advisory. - Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to...
RHEL 9 : gstreamer1-plugins-good (RHSA-2023:2260)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2260 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contai...
RHEL 9 : containernetworking-plugins (RHSA-2023:2367)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:2367 advisory. The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfac...
VulnCheck KEV: CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
n8n-nodes-accelo (>=0.1.0 <=0.1.9), n8n-nodes-closeio (=0.1.0) +7 more potentially affected by CVE-2023-27562 via n8n (>=0.138.0 <=0.214.5)
n8n NPM version =0.138.0, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.1.7 Source cves: CVE-2023-27562 Source advisory: OSV:GHSA-P58X-7733-VP9M...
CVE-2023-30777
Summary: CVE-2023-30777 is a reflected XSS affecting the WordPress plugins Advanced Custom Fields (Pro) and Advanced Custom Fields, versioned
VK All in One Expansion Unit < 9.88.2 - Multiple Stored XSS
The plugins do not sanitise and escape some parameters, which could lead to Stored Cross-Site Scripting issues...