21 matches found
EUVD-2019-5813
Malware in sbrugna...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
CVE-2019-14652
explorer.js in Amazon AWS JavaScript S3 Explorer aka aws-js-s3-explorer v2 alpha before 2019-08-02 allows XSS in certain circumstances...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...
CVE-2024-28823
Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...
CVE-2024-28823
CVE-2024-28823 affects Amazon AWS aws-js-s3-explorer (1.0.0) . The vulnerability allows XSS when an attacker uses a crafted S3 bucket name that targets the explorer’s index.html. The root cause is a cross-site scripting vector via user-controlled bucket names, enabling execution of malicious scri...
GHSA-MF4P-WJRM-CMJP AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
S3 Explorer Plugin stores AWSSECRETACCESSKEY in its global configuration file s3explorer.xml on the Jenkins controller as part of its configuration. While this secret is stored encrypted on disk, in S3 Explorer Plugin 1.0.8 and earlier the global configuration form does not mask the...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
Design/Logic Flaw
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
CVE-2022-43426
CVE-2022-43426 refers to Jenkins S3 Explorer Plugin versions 1.0.8 and earlier, where the AWS_SECRET_ACCESS_KEY field in the global configuration form is not masked. This creates a risk that an attacker could observe or capture the secret, as described in the CVE entry and corroborated by multipl...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
PT-2022-26910 · Jenkins · Jenkins S3 Explorer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 Explorer Plugin versions 1.0.8 and earlier Description: The issue concerns the Jenkins S3 Explorer Plugin, where the AWS SECRET ACCESS KEY form field is not masked, increasing the potential for attackers to observe and capture it...
CVE-2022-43426
Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWSSECRETACCESSKEY form field, increasing the potential for attackers to observe and capture it...
Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability
Amazon AWS JavaScript S3 Explorer is a set of S3 browsers. A cross-site scripting vulnerability exists in Amazon AWS JavaScript S3 Explorer explorer.js, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...
CVE-2019-14652
explorer.js in Amazon AWS JavaScript S3 Explorer aka aws-js-s3-explorer v2 alpha before 2019-08-02 allows XSS in certain circumstances...
Cross site scripting
explorer.js in Amazon AWS JavaScript S3 Explorer aka aws-js-s3-explorer v2 alpha before 2019-08-02 allows XSS in certain circumstances...
CVE-2019-14652
CVE-2019-14652 affects the Amazon AWS JavaScript S3 Explorer (aws-js-s3-explorer) in the v2 alpha line prior to 2019-08-02. The connected documents specify a Cross-Site Scripting (XSS) vulnerability in explorer.js, enabling injection of malicious script or HTML under certain circumstances when pr...