17 matches found

RedhatCVE
added 2026/06/03 9:51 p.m., 10 views

CVE-2026-6873

A flaw was found in Django. A remote attacker could exploit a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie by crafting specific cookie name and salt argument pairs. This vulnerability allows the attacker to use a signed cookie in a different context than intended,...

CVSS 4.3 | AI score 5.7 | EPSS 0.00245
Exploits 0 | References 6
NVD
added 2026/06/03 2:16 p.m., 12 views

CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS 4.3 | EPSS 0.00245
Exploits 0 | References 3
PyPA
added 2026/06/03 2:16 p.m., 13 views

PYSEC-2026-199

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one where...

CVSS 4.3 | AI score 5.4 | EPSS 0.00245
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/06/03 1:16 p.m., 10 views

EUVD-2026-34086

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS 3.1 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 3
ATTACKERKB
added 2026/06/03 1:16 p.m., 7 views

CVE-2026-6873

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS 3.1 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2026/06/03 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation...

CVSS 4.3 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 3
CNNVD
added 2026/06/03 12:00 a.m., 7 views

Django security vulnerability

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-relational mapper, view system, template system, etc. Versions of Django prior to 6.0.6 and 5.2.15 contained security vulnerabilities. These...

CVSS 4.3 | AI score 5.4 | EPSS 0.00245
Exploits 0 | References 3
Positive Technologies
added 2026/06/03 12:00 a.m., 13 views

PT-2026-45947

Name of the Vulnerable Software and Affected Versions: Django versions prior to 6.0.6; Django versions prior to 5.2.15. Description: An issue exists in the get_signed_cookie function within django.http.HttpRequest. The function employs a non-injective salt derivation by concatenating the cookie name...

CVSS 5.3 | AI score 5.5 | EPSS 0.00359
Exploits 0 | References 40
NVD
added 2026/01/13 8:16 p.m., 18 views

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVSS 8.7 | EPSS 0.00116
Exploits 0 | References 2
Cvelist
added 2026/01/13 7:27 p.m., 23 views

CVE-2025-68703 Jervis has a Salt for PBKDF2 derived from password

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVSS 8.7 | EPSS 0.00116
Exploits 0 | References 2
Vulnrichment
added 2026/01/13 7:27 p.m., 5 views

CVE-2025-68703 Jervis has a Salt for PBKDF2 derived from password

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVSS 8.7 | AI score 6.5 | EPSS 0.00116
Exploits 0 | References 2
CVE
added 2026/01/13 7:27 p.m., 13 views

CVE-2025-68703

CVE-2025-68703 affects the Jervis library used with Jenkins Job DSL and shared pipelines. Prior to version 2.2, the salt for PBKDF2 is derived from the SHA-256 hash of the passphrase, causing two encryption operations using the same password to yield the same derived key. This design enables pre-...

CVSS 8.7 | AI score 6.5 | EPSS 0.00116
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/01/13 7:27 p.m., 5 views

CVE-2025-68703 Jervis has a Salt for PBKDF2 derived from password

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

CVSS 8.7 | AI score 6.9 | EPSS 0.00116
Exploits 0 | References 4
OSV
added 2026/01/13 2:53 p.m., 4 views

GHSA-36H5-VRQ6-PP34 Jervis's Salt for PBKDF2 derived from password

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870...

CVSS 8.7 | AI score 6.9 | EPSS 0.00116
Exploits 0 | References 7
Github Security Blog
added 2026/01/13 2:53 p.m., 10 views

Jervis's Salt for PBKDF2 derived from password

Vulnerability: https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L869-L870...

CVSS 8.7 | AI score 7 | EPSS 0.00116
Exploits 0 | References 7 | Affected Software 1
Positive Technologies
added 2026/01/13 12:00 a.m., 6 views

PT-2026-2496

Name of the Vulnerable Software and Affected Versions: Jervis versions prior to 2.2. Description: Jervis, a library for Job DSL plugin scripts and shared Jenkins pipeline libraries, is affected by an issue where the salt used in encryption is derived from the SHA256 sum of the passphrase. This means...

CVSS 8.7 | AI score 6.7 | EPSS 0.00116
Exploits 0 | References 6
CNNVD
added 2026/01/13 12:00 a.m., 4 views

Jervis cryptographic issue vulnerability

Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2; it stems from the salt being derived from the SHA-256 hash of the passphrase, resulting in the same key being generated for the same passphrase...

CVSS 8.7 | AI score 5.8 | EPSS 0.00116
Exploits 0 | References 3