11 matches found
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
EUVD-2022-3634
Malicious code in bioql PyPI...
JetBrains TeamCity Authorization Issues Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...
The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.
The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...
ownCloud Security Breach
ownCloud is a personal cloud storage solution from US-based ownCloud, Inc. A security vulnerability exists in ownCloud core versions 10.6.0 through 10.13.0, which can be exploited to bypass WebDAV Api authentication using a pre-signed URL...
Exposure of Sensitive Information in Gradle publish plugin
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
GHSA-CV78-V957-JX34 Exposure of Sensitive Information in Gradle publish plugin
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
Code injection
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
CVE-2020-7599 affects the Gradle plugin com.gradle.plugin-publish prior to 0.11.0. When a plugin is published with Gradle running at --info, the Gradle Logger may expose an AWS pre-signed URL in build logs. If such logs are publicly accessible, an attacker could leverage the URL to replace a rece...