org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000142 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000142...

GHSA-876J-4Q73-7F56 Jenkins GitHub Pull Request Builder Plugin

GitHub Pull Request Builder Plugin stored the webhook secret shared between Jenkins and GitHub in plain text. This allowed users with Jenkins controller local file system access and Jenkins administrators to retrieve the stored password. The latter could result in exposure of the passwords throug...

GHSA-HR74-2J5V-GHFV Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. Since 1.40.0, the plugin no longer stores serialized objects...

Jenkins GitHub Pull Request Builder Plugin

GitHub Pull Request Builder Plugin stored the webhook secret shared between Jenkins and GitHub in plain text. This allowed users with Jenkins controller local file system access and Jenkins administrators to retrieve the stored password. The latter could result in exposure of the passwords throug...

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2018-1000186 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2018-1000186...

GHSA-92RV-MVMJ-47QH Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

Mercurial arbitrary code execution vulnerability

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

Command Injection

git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...

@gotoeasy/count-line-cli (>=1.0.7 <=1.1.5), @pingy/cli (>=0.10.0 <=0.11.2) +5 more potentially affected by CVE-2022-24437 via git-pull-or-clone (>=1.1.0 <=1.3.0)

git-pull-or-clone NPM version =1.1.0, =1.0.7, =0.10.0, =8.0.0, =0.7.8, =0.5.0, =0.1.0, =1.0.1, =1.0.11 Source cves: CVE-2022-24437 Source advisory: OSV:GHSA-3X62-X456-Q2VM...

GHSA-3X62-X456-Q2VM OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities

Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...

Strapi 3.6.8 Password Disclosure / Insecure Handling

Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

Command injection

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVE-2022-24437 Command Injection

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

CVE-2022-24437

The CVE-2022-24437 entry affects git-pull-or-clone prior to 2.0.2. The vulnerability arises from using the --upload-pack feature (also used by git clone) where the outpath argument passed to the secure spawn() call can be manipulated as a command-line argument, enabling arbitrary command injectio...

CVE-2022-24437

The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn. However, the outpath parameter passed to it may be a...

git-pull-or-clone 参数注入漏洞

git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...