GSD-2022-1000963 gcc-plugins: latent_entropy: use /dev/urandom
gcc-plugins: latent_entropy: use /dev/urandom This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...
com.blazemeter.plugins:BlazeMeterJenkinsPlugin (>=1.0-beta-1 <=1.08-beta-1), com.brianfromoregon:caliper-ci (=2.1) +434 more potentially affected by CVE-2012-0785 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.424.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0-beta-1, =1.0, =0.1, =0.1, =0.5, =0.1, =0.6, =0.6, =1.2.2, =1.2.2, =2.3.0, =2.10.1 and more Source cves: CVE-2012-0785 Source advisory: OSV:GHSA-PCHP-C5W8-47GC...
ColumnPack:ColumnPack-plugin (=1.0.3), com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.0 <=1.6.3) +634 more potentially affected by CVE-2012-4439 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.466.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.5, =1.02.03, =1.0, =1.0.6 and more Source cves: CVE-2012-4439 Source advisory: OSV:GHSA-X97G-3GP9-CF2P...
ColumnPack:ColumnPack-plugin (=1.0.3), com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.0 <=1.6.3) +634 more potentially affected by CVE-2012-4438 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.466.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.5, =1.02.03, =1.0, =1.0.6 and more Source cves: CVE-2012-4438 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9402848...
CustomHistory:CustomHistory (>=1.1 <=1.3), com.amazonaws:aws-codepipeline (>=0.9 <=0.45) +158 more potentially affected by CVE-2012-4438 via org.jenkins-ci.main:jenkins-core (>=1.467 <=1.481)
org.jenkins-ci.main:jenkins-core MAVEN version =1.467, =1.1, =0.9, =0.3, =0.10, =1.0.3, =1.3.3, =1.99.0, =2.11.0, =1.8.5, =1.15, =1.6.0, =1.13.1 and more Source cves: CVE-2012-4438 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9402848...
ColumnPack:ColumnPack-plugin (=1.0.3), com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.0 <=1.6.3) +634 more potentially affected by CVE-2012-4439 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.466.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.5, =1.02.03, =1.0, =1.0.6 and more Source cves: CVE-2012-4439 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9402852...
com.github.ozsie:detekt-maven-plugin (>=1.0.0 <=1.19.1), de.manuzid:static-code-review-plugin (>=1.0.0 <=1.1.0) +10 more potentially affected by CVE-2022-0272 via io.gitlab.arturbosch.detekt:detekt-core (>=1.0.0-RC10 <=1.20.0-RC2)
io.gitlab.arturbosch.detekt:detekt-core MAVEN version =1.0.0-RC10, =1.0.0, =1.0.0, =0.9.4, =0.9.6, =0.3.0, =0.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-gradle-rework-beta1, =2.2.0, =2.6.0 Source cves: CVE-2022-0272 Source advisory: OSV:GHSA-2CFC-865J-GM4W...
Remote Code Execution (RCE)
jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to a sandbox bypass allowing an attacker to inject maliciously crafted code into the system...
Privilege Escalation
jenkins-2-plugins is vulnerable to privilege escalation. The vulnerability exists due to a lack of sanitization of the path allowing an attacker to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
OS Command Injection
jenkins-2-plugins is vulnerable to OS command injection. The vulnerability exists due to a lack of sanitization for distinct SCMs for the readTrusted step allowing an attacker with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-1384
Mattermost version 6.4.x and earlier fails to properly check the plugin version when a plugin is installed from the Marketplace, which allows an authenticated and authorized user to install and exploit an old plugin version from the Marketplace which might have known vulnerabilities...
CVE-2021-25120
The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues...
OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library
Welcome to OWASP Coraza Web Application Firewall. OWASP Coraza is a Go enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with the OWASP Core Ruleset. Prerequisites: Linux distribution (Debian and CentOS are recommended), Windows i...
Format string
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-29038 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)
org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...
Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Subversion Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to connect to ...
Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation & Activation
Multiple plugins from the Cool Plugins vendor are missing capability and proper CSRF check in the coolpluginsinstall and coolpluginsactivate AJAX actions, available to any authenticated users, allowing them to install and activate arbitrary plugins via an archive hosted on a remote server they...
WordPress plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-0920
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data...
CVE-2022-0919
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...