Jenkins Plugin GitHub Pull Request Builder 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

simple-git 安全漏洞

simple-git is a lightweight interface for running git commands in any node.js application. A security vulnerability exists in simple-git prior to version 3.16.0, which stems from the clone, pull, push, and listRemote methods not being properly cleaned up and escaped...

CVE-2022-25860

Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912...

CVE-2023-24435

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

PT-2023-19594 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...

PT-2023-19595 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...

CVE-2023-24436

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-24434

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

PT-2023-19596 · Jenkins · Jenkins Github Pull Request Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Pull Request Builder Plugin versions 1.42.2 and earlier Description: A missing permission check in the Jenkins GitHub Pull Request Builder Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of...

CVE-2023-24436

CVE-2023-24436 affects Jenkins GitHub Pull Request Builder Plugin (versions

CVE-2023-24442

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

GSD-2023-1001575 skbuff: Account for tail adjustment during pull operations

skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...

GSD-2023-1001363 skbuff: Account for tail adjustment during pull operations

skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2023-1001040 skbuff: Account for tail adjustment during pull operations

skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...

GSD-2023-1000618 skbuff: Account for tail adjustment during pull operations

skbuff: Account for tail adjustment during pull operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

Brave 操作系统命令注入漏洞

Brave is a fast, private and secure web browser from Brave USA. Brave UX for-the-badge suffers from an operating system command injection vulnerability that stems from several unknown functions in its .github/workflows/combine-prs.yml file that allows an attacker to implement system command...

Remote Code Execution (RCE)

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to...