Lucene search
K

137 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/02/09 6:36 p.m.84 views

Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974

Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...

5.8CVSS0.7AI score0.45063EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2023/01/26 9:30 p.m.4 views

org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2023-24423 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2023-24423 Source advisory: OSV:GHSA-95JQ-24CR-PGRQ...

6.5CVSS6.5AI score0.00487EPSS
Exploits0
OSV
OSV
added 2023/01/26 9:30 p.m.42 views

GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS5.8AI score0.00229EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/01/26 9:30 p.m.35 views

Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS6.6AI score0.00229EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/26 9:18 p.m.19 views

CVE-2023-24442

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

5.5CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.16 views

Design/Logic Flaw

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...

1.7CVSS5.5AI score0.00229EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2023/01/05 4:56 p.m.476 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 This repository contains a Proof of Concept P...

9.8CVSS10AI score0.99826EPSS
Exploits48
OSV
OSV
added 2022/12/12 9:30 a.m.23 views

GHSA-M82G-FV7V-H64M Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

5.4CVSS6.6AI score0.00429EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/12/12 9:30 a.m.25 views

Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.2AI score0.00429EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/12/12 9:15 a.m.29 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5CVSS0.00429EPSS
Exploits0References1
OSV
OSV
added 2022/12/12 9:15 a.m.23 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2022/12/12 9:15 a.m.20 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

4.3CVSS6.4AI score0.00429EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.32 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

7AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 2022/12/07 12:0 a.m.97 views

CVE-2022-46688

The CVE-2022-46688 entry describes a CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier. The issue allows an attacker to cause Jenkins to connect to Gerrit servers (configured by admins) using attacker-supplied credentials IDs obtained via another method, potentially ...

6.5CVSS6.6AI score0.00429EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.4 views

Jenkins Sonar Gerrit Plugin 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.4AI score0.00429EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.6 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.8 views

PT-2022-27952 · Jenkins · Jenkins Sonar Gerrit Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonar Gerrit Plugin versions 377.v8f3808963dc5 and earlier Description: A cross-site request forgery CSRF issue allows attackers to have Jenkins connect to Gerrit servers using attacker-specified credentials IDs, potentially capturing...

6.5CVSS6.4AI score0.00429EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2022/12/07 12:0 a.m.32 views

CVE-2022-46688

A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...

6.5CVSS4.5AI score0.00429EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2022/08/16 3:27 p.m.23 views

Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec

“Yes, I know what applications we have publicly exposed.” How many times have you said that with confidence? I bet not too many. With the rapid pace of development that engineering teams can work at, it is becoming increasingly difficult to know what apps you have exposed to the internet, adding...

7.2AI score
Exploits0
Veracode
Veracode
added 2022/07/26 7:7 a.m.19 views

Command Injection

sonar-wrapper is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the run function allowing an attacker to inject maliciously crafted command into the system...

9.8CVSS9.2AI score0.01112EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder