33 matches found
CVE-2020-23452
CVE-2020-23452 affects Selenium Grid v3.141.59. The XSS vulnerability occurs in the hub parameter on the /grid/console page, allowing injection of arbitrary scripts/HTML. Documented impact is privacy/Integrity concerns with low to moderate severity (CVSS v3.1 base 6.1). No patch or remediation de...
Selenium Grid Cross-Site Request Forgery (CVE-2022-28108)
A cross-site request forgery vulnerability exists in Selenium Grid. Successful exploitation of this vulnerability could result in code execution on the affected system...
GHSA-RP4X-XPGF-4XV7 Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through...
Selenium Server Cross-Site Request Forgery Vulnerability
Selenium Grid is an intelligent proxy server for the Selenium community. It can easily run tests in parallel on multiple machines.A cross-site request spoofing vulnerability exists in versions prior to Selenium Server 4, which can be exploited by attackers to spoof malicious requests to trick...
org.seleniumhq.selenium:selenium-session-map-redis (>=4.0.0-alpha-5 <=4.0.0-alpha-6) potentially affected by CVE-2022-28108 via org.seleniumhq.selenium:selenium-grid (>=4.0.0-alpha-5 <=4.0.0-alpha-6)
org.seleniumhq.selenium:selenium-grid MAVEN version =4.0.0-alpha-5, =4.0.0-alpha-5, =4.0.0-alpha-6 Source cves: CVE-2022-28108 Source advisory: OSV:GHSA-H2RR-M97P-6JQ9...
CVE-2022-28109
A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery CSRF and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
Code injection
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
CVE-2022-28109
Selenium Grid/WebDriver endpoint (Selenium Standalone Server) is affected by a DNS rebinding vulnerability that could allow remote arbitrary code execution. The issue occurs because visiting a malicious remote web server can trigger the vulnerability. A fix exists in 4.0.0-alpha-7; upgrading to t...
CVE-2022-28109
Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a...
Selenium Grid 跨站请求伪造漏洞
Selenium Grid is a smart proxy server for the Selenium community. It is easy to run tests in parallel on multiple machines. A security vulnerability exists in Selenium Grid that stems from a problematic component Selenium Grid/Selenium Standalone Server DNS rebinding. An attacker can exploit this...