Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via proto, causing the addition...

CVE-2022-27201

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

EUVD-2023-0515

Malicious code in bioql PyPI...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2022-25883

...

007putra-my-bot (=1.1.1), 03-asenkronsdasdsadavehttprequest (=1.0.0) +17773 more potentially affected by CVE-2022-25883 via semver (>=7.0.0 <=7.5.1)

semver NPM version =7.0.0, =7.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on semver and may be impacted: - 007putra-my-bot =1.1.1 - 03-asenkronsdasdsadavehttprequest =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 -...

PT-2023-4569 · Npm +5 · Semver +5

Name of the Vulnerable Software and Affected Versions: semver versions prior to 7.5.2 semver versions prior to 6.3.1 on the 6.x branch semver versions prior to 5.7.2 Description: The issue is related to the use of a regular expression with inefficient computational complexity in the semver packag...

GHSA-H8P8-6378-649P XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

GHSA-PCC2-W6M8-X5W4 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24429

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

Server side request forgery (ssrf)

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...

Xxe

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Jenkins Plugin Semantic Versioning 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Plugin Semantic Versioning 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A code issue vulnerabilit...

CVE-2023-24430

CVE-2023-24430 affects Jenkins Semantic Versioning Plugin 1.14 and earlier, where the XML parser is not configured to prevent XML external entity (XXE) attacks. This XXE flaw could enable an attacker able to influence agent/controller parsing to exfiltrate data or affect processing. The issue is ...