25 matches found
EUVD-2023-1308
Malicious code in bioql PyPI...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
GHSA-MJ24-GPW7-23M9 Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Impact: ReportPortal database becomes unstable and reporting almost fully stops, except for small launches with approximately 1 test inside, when the testitem.path field exceeds the allowable "ltree" field type indexing limit, path length=120 approximately, recursive nesting of the nested steps...
CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
Code injection
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
CVE-2023-30529 affects the Jenkins Lucene-Search Plugin (versions 387.v938a_ecb_f7fe9 and earlier). The underlying issue is that the plugin’s HTTP endpoint does not require POST requests, enabling cross-site request forgery that can be used to reindex the database. The accompanying sources consis...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
PT-2023-22757 · Jenkins · Jenkins Lucene-Search Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 387.v938a_ecb_f7fe9 and earlier. Description: The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request...
Attachments that are added to drafts while collaborative editing is off are searchable when collaborative editing is turned on
Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Turn OFF collaborative editing; Create a page; Add attachment to the page; Do not publish the page; Try searching for the draft or attachment; Enable Collaborative Editing; Perform Reindexing; Try searching for the draft o...
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...
CVE-2022-2528
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
SUSE: Security Advisory (SUSE-SU-2021:0695-1)
The remote host is missing an update for the...
openSUSE Security Update : postgresql12 (openSUSE-2021-423)
This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. This update was imported from the SUSE:SLE-15-SP1:Update update...
OPENSUSE-SU-2021:0423-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. This update was imported from the SUSE:SLE-15-SP1:Update update...
SUSE-SU-2021:0695-1 Security update for postgresql12
This update for postgresql12 fixes the following issues: Upgrade to version 12.6: - Reindexing might be needed after applying this update. - CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages...
SUSE SLES12 Security Update : postgresql13 (SUSE-SU-2021:0545-1)
This update for postgresql13 fixes the following issues: Upgrade to version 13.2: Updating stored views and reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. CVE-2021-20229, bsc1182039: Fix failure t...
SUSE SLED15 / SLES15 Security Update : postgresql12 (SUSE-SU-2021:0544-1)
This update for postgresql12 fixes the following issues: Upgrade to version 12.6: Reindexing might be needed after applying this update. CVE-2021-3393, bsc1182040: Fix information leakage in constraint-violation error messages. Note that Tenable Network Security has extracted the preceding...