8293 matches found

CNVD
added 2022/03/17 12:0 a.m. | 32 views

Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins Kubernetes Continuous Deploy...

CVSS 6.5 | AI score 1.3 | EPSS 0.00887
Exploits 0 | References 1

vulnersOsv
added 2022/03/16 12:0 a.m. | 1 views

org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2022-27197 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)

org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2022-27197 Source advisory: OSV:GHSA-6FG4-36V7-XV32...

CVSS 5.4 | AI score 6 | EPSS 0.00792
Exploits 0

vulnersOsv
added 2022/03/16 12:0 a.m. | 6 views

com.cloudbees.jenkins.plugins:custom-tools-plugin (>=0.4 <=0.6) potentially affected by CVE-2022-27203 via org.jenkins-ci.plugins:extended-choice-parameter (=0.28)

org.jenkins-ci.plugins:extended-choice-parameter MAVEN version =0.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:extended-choice-parameter and may be impacted: - com.cloudbees.jenkins.plugins:custom-tools-plugin =0.4, =0.6...

CVSS 6.5 | AI score 6.5 | EPSS 0.01519
Exploits 0

vulnersOsv
added 2022/03/16 12:0 a.m. | 3 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27209 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)

org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27209 Source advisory: OSV:GHSA-23X5-J68G-6JPW...

CVSS 6.5 | AI score 6.5 | EPSS 0.00887
Exploits 0

vulnersOsv
added 2022/03/16 12:0 a.m. | 1 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27210 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)

org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27210 Source advisory: OSV:GHSA-VQ6C-FVXW-P45V...

CVSS 6.5 | AI score 6.5 | EPSS 0.00705
Exploits 0

vulnersOsv
added 2022/03/16 12:0 a.m. | 3 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27208 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)

org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27208 Source advisory: OSV:GHSA-FPXQ-W7P9-R924...

CVSS 6.5 | AI score 6.5 | EPSS 0.01764
Exploits 0

vulnersOsv
added 2022/03/16 12:0 a.m. | 4 views

org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27211 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)

org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27211 Source advisory: OSV:GHSA-794J-HX96-4W3M...

CVSS 6.5 | AI score 6.5 | EPSS 0.00887
Exploits 0

Microsoft CVE
added 2022/03/15 7:0 a.m. | 3 views

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

...

CVSS 4.3 | AI score 5.2 | EPSS 0.01218
Exploits 0

OSV
added 2022/03/14 11:22 p.m. | 29 views

GHSA-7J52-6FJP-58GR Inconsistent storage layout for ERC2771ContextUpgradeable

Impact The storage layout of the ERC2771ContextUpgradeable is not constant between versions. - versions 4.0.0, 4.1.0 and 4.2.0, the contract has a length of 51 slots. - since 4.3.0, the contract has a length of 50 slots - future versions will continue using 50 slots. This difference in layout cou...

AI score 7.1
Exploits 0 | References 3

FreeBSD
added 2022/03/13 12:0 a.m. | 11 views

Weechat -- Possible man-in-the-middle attack in TLS connection to servers

The Weechat project reports: After changing the options weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user, the TLS verification function is lost. Consequently, any connection to a server with TLS is made without verifying the certificate, which could lead to a man-in-the-middle attac...

AI score 2
Exploits 0 | References 1

OSV
added 2022/03/10 5:42 p.m. | 1 views

DEBIAN-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

CVSS 4.3 | AI score 5.5 | EPSS 0.01218
Exploits 0 | References 1

OSV
added 2022/03/10 5:42 p.m. | 0 views

UBUNTU-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

CVSS 4.3 | AI score 7.2 | EPSS 0.01218
Exploits 0 | References 3

RedHat Linux
added 2022/03/10 2:59 p.m. | 136 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.10.3 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.09149
Exploits 1 | References 7

Veracode
added 2022/03/08 11:55 p.m. | 28 views

Remote Code Execution (RCE)

jenkins-2-plugins is vulnerable to remote code execution. The vulnerability exists due to the lack of sanitization of the name of an image or a tag...

CVSS 8.8 | AI score 3.1 | EPSS 0.02258
Exploits 0 | References 5 | Affected Software 1

OSV
added 2022/03/01 2:15 a.m. | 9 views

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

CVSS 9.1 | AI score 6.4
Exploits 0 | References 2

Prion
added 2022/03/01 2:15 a.m. | 15 views

Directory traversal

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

CVSS 6.4 | AI score 8.6 | EPSS 0.01469
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/03/01 1:31 a.m. | 34 views

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

AI score 8.9 | EPSS 0.01469
Exploits 0 | References 2

CVE
added 2022/03/01 1:31 a.m. | 132 views

CVE-2021-42767

CVE-2021-42767 describes a directory traversal vulnerability in the APOC procedures of Neo4j Graph Database. The flaw allows reading local files and, in some cases, creating local files via the APOC plugin before version 4.4.0.1. Publicly documented fixes exist: upgrade to 3.5.17, 4.2.10, 4.3.0.4...

CVSS 9.1 | AI score 8.6 | EPSS 0.01469
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2022/02/28 9:15 a.m. | 2 views

CVE-2022-23987

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.3 | EPSS 0.00588
Exploits 1 | References 2 | Affected Software 2

ATTACKERKB
added 2022/02/28 9:15 a.m. | 4 views

CVE-2022-23988

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape submitted form data, allowing unauthenticated attacker to submit XSS payloads which will get executed when a privileged user will view the related submission...

CVSS 6.1 | AI score 6.4 | EPSS 0.02196
Exploits 1 | References 2 | Affected Software 2