27 matches found
More reporting GLPI plugin SQL injection vulnerability
The More Reporting GLPI plugin is an open-source report generation plugin developed by GLPI Project Plugins. Versions of the More Reporting GLPI plugin prior to 1.9.4 contained a SQL injection vulnerability, which stemmed from SQL injection issues when date fields were modified...
WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin NikanWP WooCommerce Reporting versions <= 1.0.0...
EUVD-2016-1162
Malware in sbrugna...
CVE-2022-41244
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...
GHSA-PXP5-G66H-WPV2 Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
Input validation
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2022-41244
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
CVE-2022-41244
CVE-2022-41244 concerns Jenkins View26 Test-Reporting Plugin, versions 1.0.7 and earlier. The issue is that the plugin does not perform hostname validation when connecting to the configured View26 server, which could be abused in a man-in-the-middle attack to intercept connections. The provided c...
CVE-2022-41244
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
GHSA-5RC5-4C5C-4CWX Jenkins View26 Test-Reporting Plugin stores access token in plain text
Jenkins View26 Test-Reporting Plugin stores an access token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
[SECURITY] Fedora 34 Update: golang-github-googleapis-gnostic-0.5.3-5.fc34
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
Unspecified Vulnerability in CloudBees Jenkins View26 Test-Reporting Plugin
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the U.S. company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. View26 Test-Reporting Plugin is used in one of the...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10452
CVE-2019-10452 affects the Jenkins View26 Test-Reporting Plugin, where credentials are stored unencrypted in job config.xml on the Jenkins controller/master. This plaintext storage can be read by users with Extended Read permission or with access to the master/controller filesystem, increasing ri...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Elasticsearch X-Pack and Reporting Plugin Information Disclosure Vulnerability
Elasticsearch X-Pack is an extension to the Elastic Stack log analysis system from the Dutch company Elasticsearch. Reporting is one of its plug-in applications and can also be used independently. A security vulnerability exists in the Reporting feature in Elasticsearch X-Pack versions prior to 5.5.2 and Reporting...
Security feature bypass
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to...
Kibana Reporting Plugin Cross-Site Request Forgery Vulnerability
Kibana is an open source data visualization plugin for Elasticsearch. A cross-site request forgery vulnerability exists in the Kibana Reporting plugin, which allows an attacker to generate redundant reports by tricking authenticated Kibana users into visiting specially designed pages...