830 matches found
gitea -- information disclosure
The Gitea Team reports: When a comment in an issue or PR mentions a user using @username, the mentioned user receives a mail notification even if they don't have permission to see the originating repository...
RUSTSEC-2019-0013 Wrong memory orderings in RwLock potentially violates mutual exclusion
Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. Only users of the...
Arbitrary File Write via Archive Extraction
Overview Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later. References - GitHub Pull Request - Zip Slip...
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 XSS vulnerabilities were found in multiple pages that allows an attacker to inject arbitrary web scripts. The Twig PHP extension configuration was not sanitizing user input before display it to the user. Issues fixed in version 5.7.4 and 5.8.0. Git...
CloudBees Jenkins GitHub Pull Request Builder Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version release/testing projects and some timed tasks.GitHub Pull Request Builder Plugin is used in one of the automatic update of the GitHub code plugin . An information...
CVE-2018-1000186
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CVE-2018-1000186
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CVE-2018-1000186
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CVE-2018-1000186
Affected software: Jenkins GitHub Pull Request Builder Plugin (GhprbGitHubAuth.java) up to version 1.41.0. The vulnerability allows attackers with Overall/Read access to connect to an attacker‑specified URL using attacker‑provided credentials IDs, enabling capture of credentials stored in Jenkins...
MODX Revolution CMS <= 2.6.3 Stored XSS Vulnerability
MODX CMS is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
CVE-2018-1000142
CVE-2018-1000142 affects the Jenkins GitHub Pull Request Builder Plugin (versions 1.39.0 and older). The root cause is exposure of credentials stored in GhprbCause.java, allowing an attacker with local file system access to obtain GitHub credentials. The impact is sensitive credential disclosure ...
CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
Regular Expression Denial of Service
Overview Affected versions of string are vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. Recommendation There is currently no direct patch for this vulnerability. Currently, the best solution ...
XSS in pull request inbox
A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...
XSS in pull request inbox
A potential XSS issue was identified in the pull request inbox, and has been fixed in Bitbucket Server 4.12.1...