10 matches found
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
EUVD-2022-3634
Malicious code in bioql PyPI...
JetBrains TeamCity Authorization Issues Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...
ownCloud Security Breach
ownCloud is a personal cloud storage solution from US-based ownCloud, Inc. A security vulnerability exists in ownCloud core versions 10.6.0 through 10.13.0, which can be exploited to bypass WebDAV Api authentication using a pre-signed URL...
Exposure of Sensitive Information in Gradle publish plugin
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
GHSA-CV78-V957-JX34 Exposure of Sensitive Information in Gradle publish plugin
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
Code injection
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
CVE-2020-7599 affects the Gradle plugin com.gradle.plugin-publish prior to 0.11.0. When a plugin is published with Gradle running at --info, the Gradle Logger may expose an AWS pre-signed URL in build logs. If such logs are publicly accessible, an attacker could leverage the URL to replace a rece...