137 matches found
Nearly 19,000 ESXi Servers Still Vulnerable to CVE-2021-21974
Last week, multiple organizations issued warnings that a ransomware campaign dubbed “ESXiArgs” was targeting VMware ESXi servers, allegedly by leveraging CVE-2021-21974—a nearly two-year-old heap overflow vulnerability. Two years. And yet, Rapid7 research has found that a significant number of ES...
org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2023-24423 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2023-24423 Source advisory: OSV:GHSA-95JQ-24CR-PGRQ...
GHSA-4X65-4FJX-R7M6 Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
CVE-2023-24442
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
Design/Logic Flaw
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 This repository contains a Proof of Concept P...
GHSA-M82G-FV7V-H64M Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
CVE-2022-46688
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
CVE-2022-46688
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
CVE-2022-46688
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
CVE-2022-46688
The CVE-2022-46688 entry describes a CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier. The issue allows an attacker to cause Jenkins to connect to Gerrit servers (configured by admins) using attacker-supplied credentials IDs obtained via another method, potentially ...
Jenkins Sonar Gerrit Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-46688
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
PT-2022-27952 · Jenkins · Jenkins Sonar Gerrit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonar Gerrit Plugin versions 377.v8f3808963dc5 and earlier Description: A cross-site request forgery CSRF issue allows attackers to have Jenkins connect to Gerrit servers using attacker-specified credentials IDs, potentially capturing...
CVE-2022-46688
A cross-site request forgery CSRF vulnerability in Jenkins Sonar Gerrit Plugin 377.v8f3808963dc5 and earlier allows attackers to have Jenkins connect to Gerrit servers previously configured by Jenkins administrators using attacker-specified credentials IDs obtained through another method,...
Are Your Apps Exposed? Know Faster With Application Discovery in InsightAppSec
“Yes, I know what applications we have publicly exposed.” How many times have you said that with confidence? I bet not too many. With the rapid pace of development that engineering teams can work at, it is becoming increasingly difficult to know what apps you have exposed to the internet, adding...
Command Injection
sonar-wrapper is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the run function allowing an attacker to inject maliciously crafted command into the system...