56 matches found
Apache APISIX - Remote Code Execution
A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...
EUVD-2022-6269
Malicious code in bioql PyPI...
EUVD-2022-3501
Malicious code in bioql PyPI...
CVE-2022-24112
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...
CVE-2021-21674
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests...
CVE-2021-21675
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests...
WordPress plugin WooCommerce Warranty Requests Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-33317
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions...
CVE-2023-33317 WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions...
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulti...
Jenkins Plugin requests-plugin Authorization Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Plugin requests-plugin version...
Incorrect Authorization in Jenkins requests-plugin
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...
GHSA-6XHF-XX3J-75F5 Incorrect Authorization in Jenkins requests-plugin
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. requests-plugin Plugin 2.2.17 requires Overall/Administer permission to view the list of pending requests. This is basically the...
CVE-2022-34782
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests...
Design/Logic Flaw
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests...
CVE-2022-34782
Summary: CVE-2022-34782 is an authorization flaw in the Jenkins requests-plugin (version 2.2.16 and earlier) where attackers with Overall/Read permission can view the list of pending requests due to an incorrect permission check. Affected software: Jenkins requests-plugin, up to and including 2.2...
PT-2022-22333 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins requests-plugin Plugin versions 2.2.16 and earlier Description: An incorrect permission check in the Jenkins requests-plugin Plugin allows attackers with Overall/Read permission to view the list of pending requests. This issue is...