CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41944

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

Design/Logic Flaw

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

CVE-2023-41942

The CVE-2023-41942 entry concerns a CSRF vulnerability in the Jenkins AWS CodeCommit Trigger Plugin. Affected software: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. Root cause: cross-site request forgery that enables an attacker to clear the SQS queue. Impact: described as a...

CVE-2023-41942

A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...

CVE-2023-41943

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...

Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. Jenkins Plugin AWS...

Jenkins Plugin AWS CodeCommit Trigger Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2023-28180 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to clear the SQS queue. Recommendations: For Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12...

PT-2023-28181 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. This can be exploited...

PT-2023-5190 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's net/sched: sch qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the...

fuse-backend-rs (>=0.10.5 <=0.12.0), linux-loader (>=0.8.0 <=0.9.0) +6 more potentially affected by CVE-2023-41051 via vm-memory (>=0.10.0 <=0.11.0)

vm-memory CARGO version =0.10.0, =0.10.5, =0.8.0, =0.6.0, =0.8.0, =0.7.0, =0.4.0, =0.2.0, =1.5.1, =1.6.1 Source cves: CVE-2023-41051 Source advisory: OSV:GHSA-49HH-FPRX-M68G...

CVE-2023-20849

In imgsyscmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350...

CVE-2023-20844

In imgsyscmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121...

Noticing exceptionally high current client connections for a single server within the service group

Go check Load Balance Virtual Server's Statistics data, under theBound Service Group Members Summary tab,you've observed that the Current client connection count of specific server is significantly higher than the other servers within the same service group. In NS shell mode, "nsconmsg ConLb=2...