GHSA-HR74-2J5V-GHFV Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. Since 1.40.0, the plugin no longer stores serialized objects...
GHSA-876J-4Q73-7F56 Jenkins GitHub Pull Request Builder Plugin
GitHub Pull Request Builder Plugin stored the webhook secret shared between Jenkins and GitHub in plain text. This allowed users with Jenkins controller local file system access and Jenkins administrators to retrieve the stored password. The latter could result in exposure of the passwords throug...
org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000186 via org.jenkins-ci.plugins:ghprb (=1.31.4)
org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000186...
GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
GHSA-XCJX-M2PJ-8G79 Manipulated inline images can cause Infinite Loop in PyPDF2
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 user wrote the following code: python from PyPDF2 import PdfFileReader, PdfFileWriter from PyPDF2.pdf import ContentStream reader = PdfFileReader("malicious.pdf", strict=False) for page in...
Design/Logic Flaw
Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a4ebbe039 and earlier, except 2.21.3, allows attackers able to submit pull requests or equivalent, but not able to commit directly to the configured SCM, to effectively change the Pipeline behavior by changing the definition of a dynamicall...
Design/Logic Flaw
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...
CVE-2022-24842 Improper Privilege Management in MinIO
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...
Folder names of "File Drop" share accessible
None...
High memory usage for generating preview of broken image
None...
User enumeration setting not obeyed in User Status API
None...
Geolocation preview links can be set to arbitrary links
None...
CVE-2022-24337
CVE-2022-24337 affects JetBrains TeamCity prior to 2021.2, where health items from pull requests could be exposed to users without the necessary permissions. The issue is documented across multiple sources (NVD entry, Red Hat and CNVD mirrors, and JetBrains security bulletin), all confirming the ...
JetBrains TeamCity Access Control Error Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains (Czech Republic). The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in JetBrains TeamCity, which stems from the...
Ninjasworkout - Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application Quick Start Download the Repo, run npm i. After installing all dependencies, just run the application: node app.js or nodemon app.js ADDED BUGS Prototype Pollution NoSQL Injection Cross Site Scripting Broken Access Control Broken Session Management Weak Regex...