24 matches found
EUVD-2022-1886
Malicious code in bioql PyPI...
EUVD-2022-2647
Malicious code in bioql PyPI...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Moniorg - Tool That Leverages Crt.Sh Website To Monitor Domains Of A Target
By looking through CT logs, an attacker can gather a lot of information about an organization's infrastructure, i.e. internal domains and email addresses, in a completely passive manner. moniorg leverages certificate transparency logs to monitor for newly issued domains based on the organization field in their S...
Malicious Package
Overview: slack-notification is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in helix-slack-notification (npm)
Source: ghsa-malware 9520877ee689f4ae7ba25d861168d154264a54e831d5496ceb94a7e46fa8a365 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3594 Malicious code in helix-slack-notification (npm)
Source: ghsa-malware 9520877ee689f4ae7ba25d861168d154264a54e831d5496ceb94a7e46fa8a365 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in slack-notification (npm)
Source: ghsa-malware 3ee93f4c06b6c956c91b01c4f2d5eb9786fb5d5e54a6673f8ea80a21d38a7ae2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6158 Malicious code in slack-notification (npm)
Source: ghsa-malware 3ee93f4c06b6c956c91b01c4f2d5eb9786fb5d5e54a6673f8ea80a21d38a7ae2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-22XP-7RCX-XP34 Jenkins Slack Notification Plugin missing permission check
Jenkins Slack Notification Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Miteru - An Experimental Phishing Kit Detection Tool
Miteru is an experimental phishing kit detection tool. How it works: It collects phishy URLs from the following feeds: CertStream-Suspicious feed via urlscan.io, OpenPhish feed via urlscan.io, PhishTank feed via urlscan.io, and Ayashige feed. It checks each phishy URL whether it enables directory listing...
CloudBees Jenkins CSRF Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Slack Notification Plugin is used in one of t...
CloudBees Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2019-09290)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Slack Notification Plugin is used in one of t...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
Summary: CVE-2019-1003044 is a CSRF vulnerability in Jenkins Slack Notification Plugin version 2.19 and earlier. The issue allows an attacker to craft a request that connects to an attacker-chosen URL using credentials IDs that an attacker can obtain by other means, potentially exposing credentia...