8304 matches found
Collision Attack
jenkins-2-plugins is vulnerable to Collision Attacks. The vulnerability is possible because it uses the weak hashing algorithm SHA-1 to store whole-script approvals, making it vulnerable to collision attacks...
Arbitrary Code Execution
jenkins-2-plugins is vulnerable to Arbitrary Code Execution. An attacker can inject and execute arbitrary code within the Jenkins JVM controller through the maliciously crafted untrusted libraries or pipelines...
Information Disclosure
jenkins-2-plugins is vulnerable to Information Disclosure. The vulnerability exists due to the non-constant time comparison function in the library when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook...
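The timing leak described in the snippet above, as an added example that is not Jenkins or plugin code: a webhook verifier that compares signatures with an early-exit loop beside one that uses a constant-time comparison. The secret, payload and HMAC-SHA256 scheme are assumptions made for the example; the count of characters compared before the naive check returns is the quantity an attacker measures through response time.

```python
"""Added example (not Jenkins code): webhook signature checks, vulnerable vs hardened."""
import hashlib
import hmac
from typing import Tuple

# Constructed sample input: a shared secret and a body a sender would POST.
SECRET = b"webhook-secret-example"                        # assumed shared secret
PAYLOAD = b'{"ref":"refs/heads/main","after":"0123abcd"}'  # constructed body


def compute_signature(secret: bytes, payload: bytes) -> str:
    """HMAC-SHA256 over the body, hex-encoded (GitHub-style X-Hub-Signature-256 layout)."""
    return "sha256=" + hmac.new(secret, payload, hashlib.sha256).hexdigest()


def naive_equal(provided: str, computed: str) -> Tuple[bool, int]:
    """Vulnerable check: returns at the first mismatching character.

    The second value is how many characters were compared before the decision.
    Because it grows with the length of the correct prefix, it shows up as a
    response-time difference, which is what lets an attacker recover a valid
    signature one character at a time with repeated timed requests.
    """
    if len(provided) != len(computed):
        return False, 0
    compared = 0
    for a, b in zip(provided, computed):
        compared += 1
        if a != b:
            return False, compared
    return True, compared


def hardened_equal(provided: str, computed: str) -> bool:
    """Constant-time comparison: hmac.compare_digest does not stop at the first
    mismatch (the Java equivalent is java.security.MessageDigest.isEqual)."""
    return hmac.compare_digest(provided.encode(), computed.encode())


def verify_webhook(provided_signature: str, payload: bytes, secret: bytes = SECRET) -> bool:
    """Server-side check a webhook endpoint should run before acting on the body."""
    return hardened_equal(provided_signature, compute_signature(secret, payload))


if __name__ == "__main__":
    good = compute_signature(SECRET, PAYLOAD)
    print("valid signature accepted:", verify_webhook(good, PAYLOAD))
    # A guess that is right for the first 20 characters is rejected after 21 comparisons,
    # a guess wrong at the first character after only 1: that gap is the leak.
    print(naive_equal(good[:20] + ("0" if good[20] != "0" else "1") + good[21:], good))
    print(naive_equal("x" + good[1:], good))
```

The fix is not a stronger hash but a comparison whose running time does not depend on where the first mismatch is; the length check before comparison is acceptable because signature length is public.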
Authorization Bypass
jenkins-2-plugins is vulnerable to Authorization Bypass. The library does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
Information Disclosure
jenkins-2-plugins is vulnerable to Information Disclosure. An attacker with Job/Configure permission can access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins...
WordPress plugin WP Statistics Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery vulnerabili...
Multiple e-plugins - Subscriber+ Privilege Escalation
The plugins, sold by the same developer e-plugins, do not implement any security measures in some AJAX calls. For example in the file plugin.php, the function ivdirectoriesupdateprofilesetting uses updateusermeta with any data provided by the ajax call, which can be used to give the logged in...
Jenkins plugins Multiple Vulnerabilities (2022-10-19)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugi...
com.github.vzakharchenko:chillispot-radius-plugin (=1.4.10), com.github.vzakharchenko:cisco-radius-plugin (=1.4.10) +53 more potentially affected by CVE-2022-1274 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=20.0.4)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.3.0-20.0.1, =0.4.5-20.0.2, =0.6, =0.2, =0.7 and more Source cves: CVE-2022-1274 Source advisory: OSV:GHSA-M4FV-GM5M-4725...
com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +55 more potentially affected by CVE-2022-1438 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.0.0)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.6, =0.2, =0.7 and more Source cves: CVE-2022-1438 Source advisory: OSV:GHSA-W354-2F3C-QVG9...
Malicious Package
Overview supchat-plugins is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
CVE-2023-23865
Cross-Site Request Forgery CSRF vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin = 1.4.10 leads to settings change...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin = 1.4.10 leads to settings change...
PT-2023-19265 · WordPress · Checkout Plugins Stripe Payments For Woocommerce
Name of the Vulnerable Software and Affected Versions: Checkout Plugins Stripe Payments For WooCommerce plugin versions 1.4.10 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability, which can lead to changes in settings. Recommendations: For versions...
[SECURITY] Fedora 37 Update: kwayland-integration-5.27.1-1.fc37
Provides integration plugins for various KDE Frameworks for Wayland...
jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin
A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and...
[SECURITY] Fedora 37 Update: OpenImageIO-2.4.8.1-1.fc37
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...
container-tools:rhel8 bug fix and enhancement update
An update is available for module.cockpit-podman, module.fuse-overlayfs, conmon, module.conmon, libslirp, podman, module.udica, module.container-selinux, buildah, crun, module.runc, slirp4netns, oci-seccomp-bpf-hook, module.python-podman, module.buildah, fuse-overlayfs, module.criu,...
container-tools:4.0 bug fix update
An update is available for module.cockpit-podman, module.fuse-overlayfs, conmon, module.conmon, libslirp, podman, module.udica, module.container-selinux, buildah, crun, module.runc, slirp4netns, oci-seccomp-bpf-hook, module.python-podman, module.buildah, fuse-overlayfs, module.criu,...