Jenkins Pipeline Multibranch Plugin Arbitrary File Read Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline Multibranch Plugin 706.vd43c65dec013 and earlier versions contain an arbitrary file reading vulnerability...
Improper Authorization
librenms is vulnerable to improper authorization. The vulnerability exists due to the lack of validation of the user's role and level allowing an attacker to switch on/off installed plugins...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.7.43 security update
Red Hat OpenShift Container Platform release 4.7.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25177 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25177 Source advisory: OSV:GHSA-Q234-X887-9RXH...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +94 more potentially affected by CVE-2022-25176 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.92)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2022-25176 Source advisory: OSV:GHSA-6473-GQRJ-4P6...
io.fabric8.jenkins.plugins:openshift-sync (>=0.9.1 <=1.0.45), io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.2.0-beta-1) +18 more potentially affected by CVE-2022-25179 via org.jenkins-ci.plugins.workflow:workflow-multibranch (>=2.0 <=2.20)
org.jenkins-ci.plugins.workflow:workflow-multibranch MAVEN version =2.0, =0.9.1, =1.0-alpha-1, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =1.1.0, =1.0-alpha-1, =2.0, =2.0, =1.0, =1.6, =1.6-beta-2 and more Source cves: CVE-2022-25179 Source advisory:...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25183 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25183 Source advisory: OSV:GHSA-PFWP-Q984-W7WH...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25182 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25182 Source advisory: OSV:GHSA-7RCW-FWFH-2H2G...
RHEL 8 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
The vulnerability of Containerd’s execution environment, related to deficiencies in access control to root directories and plugins, allows a malicious actor to gain read and write access to files.
The vulnerability of Containerd’s execution environment is related to deficiencies in restricting access to root directories and plugins. Exploiting this vulnerability can allow an attacker to gain read and modify access to files...
CVE-2022-25178
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
Persistence – Notepad++ Plugins
It is not uncommon for a Windows environment, especially dedicated servers managed by developers or IT staff, to have the Notepad++ text editor installed...
com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +9 more potentially affected by CVE-2019-10091 via org.apache.geode:geode-core (>=1.0.0-incubating <=1.0.0-incubating.M3)
org.apache.geode:geode-core MAVEN version =1.0.0-incubating, =0.3.12, =0.3.5, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating.M2, =1.0.0-incubating, =1.0.0-incubating, =1.0.0.APACHE-GEODE-INCUBATING-M2, =1.0.0.INCUBATING-RELEASE Source cves: CVE-2019-10091 Source advisory:...
ca.vanzyl.concord.plugins:ccd-plugin (>=0.0.57 <=0.0.59), ca.vanzyl.concord.plugins:concord-k8s-plugin (>=0.0.1 <=0.9.3) +69 more potentially affected by CVE-2020-10591 via com.walmartlabs.concord:concord-common (>=1.0.0 <=1.43.0)
com.walmartlabs.concord:concord-common MAVEN version =1.0.0, =0.0.57, =0.0.1, =0.0.4, =0.0.1, =1.100.0, =1.0.0, =1.17.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.100.0, =1.0.0, =1.0.0, =1.103.1 and more Source cves: CVE-2020-10591 Source advisory:...
WordPress < 5.8.3 - Object Injection Vulnerability
At the time of writing, WordPress powers 43% of websites on the Internet. Its simplicity and robustness enable millions of users to host their blog, eCommerce site, forum, or static website. To protect its users, several security hardening mechanisms were introduced to the code base in the past. ...
CVE-2021-25084
The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated user, such as a subscriber, to call them and add or remove events as well as schedules for...
WordPress plugin Access Control Error Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the Advanced Cron Manager WordPress plugin and the Advanced Cro...
IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts
IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues...