
15 matches found

CNNVD
added 2025/04/21 12:0 a.m. · 1 views

Adept information disclosure vulnerability

Adept is a programming language open-sourced by AdeptLanguage. An information disclosure vulnerability exists in versions prior to Adept a1a41b7, which stems from the remoteBuild.yml workflow file potentially disclosing GITHUB_TOKEN, which could lead to the push of malicious code...

CVSS 9.8 · AI score 6 · EPSS 0.00119
Exploits 0 · References 2

Positive Technologies
added 2024/12/20 12:0 a.m. · 1 views

PT-2024-9847 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12
Description: The issue exists due to the missing Content-Type header in the RemoteBuildLogController response, which could lead to a cross-site scripting (XSS) attack. This allows a remote attacker t...

CVSS 5.5 · AI score 5.2 · EPSS 0.33996
Exploits 0 · References 9

Oracle linux
added 2024/11/11 12:0 a.m. · 29 views

podman security update

4.9.4-16.0.1
- Fixes issue of podman execvp error while using podmansh Orabug: 36073625
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put shou...

CVSS 7.8 · AI score 5.5 · EPSS 0.01561
Exploits 0

Oracle linux
added 2024/10/14 12:0 a.m. · 37 views

podman security update

4.9.4-13.0.1
- Fixes issue of podman execvp error while using podmansh Orabug: 36073625
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put shou...

CVSS 8.2 · AI score 7.5 · EPSS 0.00899
Exploits 0

Oracle linux
added 2024/09/03 12:0 a.m. · 25 views

podman security update

4.9.4-10.0.1
- Fixes issue of podman execvp error while using podmansh Orabug: 36073625
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put shou...

CVSS 7.5 · AI score 6.8 · EPSS 0.00602
Exploits 0

Oracle linux
added 2024/07/08 12:0 a.m. · 33 views

podman security update

4.9.4-5.0.1
- Fixes issue of podman execvp error while using podmansh Orabug: 36073625
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put shoul...

CVSS 7.5 · AI score 7.8 · EPSS 0.01379
Exploits 0

Oracle linux
added 2024/06/11 12:0 a.m. · 30 views

podman security and bug fix update

4.9.4-4.0.1
- Improved saving remote build context to tarfile in Podman daemon Orabug: 36495655
- Add devices on container startup, not on creation
- Backport fast gzip for compression Orabug: 36420418
- overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694
- Drop nmap-ncat requirement...

CVSS 6.5 · AI score 7.5 · EPSS 0.04986
Exploits 0

OSV
added 2024/03/06 11:4 a.m. · 23 views

BIT-JENKINS-2020-2231

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Toke...

CVSS 5.4 · AI score 5.4 · EPSS 0.00472
Exploits 3 · References 4

OSV
added 2024/03/06 10:52 a.m. · 17 views

BIT-GRADLE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 8.1 · AI score 7.3 · EPSS 0.00127
Exploits 0 · References 5

AlpineLinux
added 2023/06/30 9:15 p.m. · 18 views

CVE-2023-35947

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 8.1 · AI score 6.7 · EPSS 0.00127
Exploits 0

Cvelist
added 2023/06/30 8:18 p.m. · 14 views

CVE-2023-35947 Path traversal vulnerabilities in handling of Tar archives in Gradle

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the...

CVSS 6.9 · AI score 8.2 · EPSS 0.00127
Exploits 0 · References 4

Positive Technologies
added 2023/06/30 12:0 a.m. · 3 views

PT-2023-25398 · Gradle +2 · Gradle +2

Name of the Vulnerable Software and Affected Versions:
Gradle versions prior to 7.6.2
Gradle versions prior to 8.2
Description: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did no...

CVSS 8.1 · AI score 9.2 · EPSS 0.00127
Exploits 0 · References 30

Packet Storm
added 2020/12/18 12:0 a.m. · 481 views

Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting

Exploit Title: Jenkins Stored XSS vulnerability in 'Trigger builds remotely'
Date: 11/12/2020
Exploit Author: gx1
Vendor Homepage: https://www.jenkins.io/
Software Link: https://updates.jenkins-ci.org/download/war/
Version: '. To understand how remote build trigger works, have a look at this post...

CVSS 3.5 · AI score 5.8 · EPSS 0.00472
Exploits 3

Exploit DB
added 2020/12/14 12:0 a.m. · 157 views

Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS

Exploit Title: Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Date: 11/12/2020
Exploit Author: gx1
Vendor Homepage: https://www.jenkins.io/
Software Link: https://updates.jenkins-ci.org/download/war/
Version: '. To understand how remote build trigger works, have a look at this post:...

CVSS 5.4 · AI score 5.8 · EPSS 0.00472
Exploits 3

RedHat Linux
added 2020/09/30 6:56 p.m. · 3 views

jenkins: stored XSS vulnerability in 'trigger builds remotely'

A flaw was found in Jenkins versions prior to 2.251 and LTS 2.235.3. The remote address of hosts starting a build via 'Trigger builds remotely' are not properly escaped leading to a potential stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or...

CVSS 5.4 · AI score 5.7 · EPSS 0.00472
Exploits 3 · References 5