Lucene search

2242 matches found

OSV
added 2023/04/12 6:15 p.m. · 16 views

CVE-2023-30513

Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 2
Cvelist
added 2023/04/12 5:5 p.m. · 12 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

7.7 AI score · 0.00399 EPSS
Exploits 0 · References 2
AlpineLinux
added 2023/04/12 5:5 p.m. · 22 views

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

7.5 CVSS · 7.7 AI score · 0.0048 EPSS
Exploits 0 · References 2
Cvelist
added 2023/04/12 5:5 p.m. · 13 views

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...

7.7 AI score · 0.0048 EPSS
Exploits 0 · References 2
CNNVD
added 2023/04/12 12:0 a.m. · 2 views

Jenkins Plugin Azure Key Vault security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 7.3 AI score · 0.0048 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/04/12 12:0 a.m. · 3 views

PT-2023-22744 · Jenkins · Jenkins Thycotic Devops Secrets Vault Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic DevOps Secrets Vault Plugin versions 1.0.0 and earlier Description: The issue arises from the improper masking of credentials in the build log when push mode for durable task logging is enabled. This means that credentials ar...

7.5 CVSS · 6.6 AI score · 0.00399 EPSS
Exploits 0 · References 7
CNNVD
added 2023/04/12 12:0 a.m. · 3 views

Jenkins Plugin Kubernetes security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 7.2 AI score · 0.00491 EPSS
Exploits 0 · References 4
CNNVD
added 2023/04/12 12:0 a.m. · 3 views

Jenkins Plugin Thycotic DevOps Secrets Vault security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

7.5 CVSS · 7.3 AI score · 0.00399 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/04/12 12:0 a.m. · 1 views

PT-2023-22743 · Jenkins · Jenkins Azure Key Vault Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure Key Vault Plugin versions 187.vacd5fecd198a and earlier Description: The issue arises when the push mode for durable task logging is enabled, causing the plugin to not properly mask credentials in the build log. This means that...

7.5 CVSS · 6.6 AI score · 0.0048 EPSS
Exploits 0 · References 7
Positive Technologies
added 2023/04/12 12:0 a.m. · 2 views

PT-2023-22742 · Jenkins · Jenkins Kubernetes Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 3909.v1f2c633e8590 and earlier Description: The issue arises from the Jenkins Kubernetes Plugin not properly masking credentials in the build log when push mode for durable task logging is enabled. This...

7.5 CVSS · 6.4 AI score · 0.00491 EPSS
Exploits 0 · References 8
Huntr
added 2023/04/10 1:11 p.m. · 29 views

Github token with wide access to Nuxt related repositories leaked in the wild

Description If you visit https://nuxt.com, you will find hardcoded Github token in the source code of the page - ghpYXegsf40mjoFZMPSdntLbrGIBRZYKf0i2FoK. This token has access to multiple repositories under nuxt , nuxtlabs and nuxt-themes Github organisations. https://github.com/nuxt Admin...

7.5 CVSS · 9.2 AI score · 0.0074 EPSS
Exploits 0
Veracode
added 2023/03/10 9:14 a.m. · 16 views

Cross-site Scripting (XSS)

vega is vulnerable to Cross-site Scripting (XSS) attacks. The library does not properly enforce types for its arguments in the lassoAppend function, which allows an attacker to specify any object with a push function. The push function then can be set to any function that has the access to event.vi...

6.5 CVSS · 5.8 AI score · 0.00806 EPSS
Exploits 1 · References 4 · Affected Software 2
IBM Security Bulletins
added 2023/03/09 3:38 p.m. · 37 views

Security Bulletin: IBM Liberty for Java for IBM Cloud is vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary There is a vulnerability in the Apache CXF library used by IBM Liberty for Java for IBM Cloud with the jaxws-2.2 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in...

9.8 CVSS · 9.3 AI score · 0.0193 EPSS
Exploits 5 · Affected Software 1
OpenVAS
added 2023/03/08 12:0 a.m. · 25 views

Debian: Security Advisory (DLA-413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS · 5.8 AI score · 0.01723 EPSS
Exploits 1 · References 2
OpenVAS
added 2023/03/08 12:0 a.m. · 18 views

Debian: Security Advisory (DLA-724-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS · 7.5 AI score · 0.04512 EPSS
Exploits 2 · References 3
OSV
added 2023/03/04 12:15 a.m. · 1 views

DEBIAN-CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument...

6.1 CVSS · 6.1 AI score · 0.00806 EPSS
Exploits 1 · References 1
Prion
added 2023/03/04 12:15 a.m. · 16 views

Format string

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument...

5.8 CVSS · 5.8 AI score · 0.00806 EPSS
Exploits 1 · References 3 · Affected Software 2
Cvelist
added 2023/03/03 11:47 p.m. · 24 views

CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument...

6.5 CVSS · 6.2 AI score · 0.00806 EPSS
Exploits 1 · References 3
Debian CVE
added 2023/03/03 11:47 p.m. · 4 views

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. `lassoAppend` function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument...

6.5 CVSS · 6.2 AI score · 0.00806 EPSS
Exploits 1
OSV
added 2023/03/02 11:8 p.m. · 27 views

GHSA-W5M3-XH75-MP55 Vega has Cross-site Scripting vulnerability in `lassoAppend` function

Summary Vega's lassoAppend function: lassoAppend accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it...

6.1 CVSS · 6 AI score · 0.00806 EPSS
Exploits 1 · References 5