Lucene search
+L

137 matches found

Github Security Blog
Github Security Blog
added 2022/07/26 12:1 a.m.33 views

sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8CVSS9.4AI score0.01112EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/07/26 12:1 a.m.30 views

GHSA-WR4V-3F2H-6HHH sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8CVSS9.8AI score0.01112EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/07/25 2:5 p.m.24 views

CVE-2020-28443 Command Injection

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js...

9.8CVSS9.7AI score0.01112EPSS
Exploits1References1
CVE
CVE
added 2022/07/25 2:5 p.m.59 views

CVE-2020-28443

CVE-2020-28443 affects all versions of the Node package sonar-wrapper, with the injection point in lib/sonarRunner.js. The vulnerability is a Command Injection flaw, allowing crafted input to be injected into system commands (high impact: CVSS 3.1 base score 9.8). Connected sources confirm the vu...

9.8CVSS9.7AI score0.01112EPSS
Exploits1References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/07/25 10:40 a.m.4 views

Malicious code in route-sonar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e7e8e14e7b5534cc30736a69538701a587fe3db0ac921df08e55a9c1e571fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/07/25 10:40 a.m.9 views

MAL-2022-5845 Malicious code in route-sonar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e7e8e14e7b5534cc30736a69538701a587fe3db0ac921df08e55a9c1e571fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.4 views

sonar-wrapper 命令注入漏洞

sonar-wrapper is a package by loic rondel individual developer that wraps SonarQube Scanner as a node module. A security vulnerability exists in sonar-wrapper, which stems from a command injection attack injection point in sonarRunner.js...

9.8CVSS8.3AI score0.01112EPSS
Exploits1References2
Snyk
Snyk
added 2022/07/22 8:9 a.m.2 views

Malicious Package

Overview route-sonar is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:10 p.m.30 views

Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration

Sonar Quality Gates Plugin stores credentials in its global configuration file org.quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the...

5.3CVSS5AI score0.00614EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:10 p.m.14 views

GHSA-6FH3-XHWG-7HFH Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration

Sonar Quality Gates Plugin stores credentials in its global configuration file org.quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the...

3.1CVSS5AI score0.00614EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/24 5:3 p.m.4 views

org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2019-16552 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.22.0)

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =2.4.6 Source cves: CVE-2019-16552 Source advisory: OSV:GHSA-4R39-F4RH-J6Q8...

5.5CVSS6AI score0.00622EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 5:3 p.m.12 views

org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2019-16551 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.22.0)

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =2.4.6 Source cves: CVE-2019-16551 Source advisory: OSV:GHSA-VMVP-2HHX-RGM8...

8.8CVSS7.2AI score0.00691EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.27 views

Jenkins Sonar Gerrit Plugin stores credentials unencrypted

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS3.2AI score0.00852EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:59 p.m.17 views

GHSA-6FV3-W7J6-5XFC Jenkins Sonar Gerrit Plugin stores credentials unencrypted

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.4AI score0.00852EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/17 4:56 a.m.4 views

org.jenkins-ci.plugins:sonar-gerrit (=428.v5c962d271b_a_5) potentially affected by CVE-2013-5676 via org.jenkins-ci.plugins:sonar (=2.13.1)

org.jenkins-ci.plugins:sonar MAVEN version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:sonar and may be impacted: - org.jenkins-ci.plugins:sonar-gerrit =428.v5c962d271ba5 Source cves: CVE-2013-5676 Source advisory:...

4CVSS5.8AI score0.04987EPSS
Exploits4
Snyk
Snyk
added 2022/05/17 4:56 a.m.5 views

Cleartext Storage of Sensitive Information

Overview org.jenkins-ci.plugins:sonar is a SonarQube scanner plugin for Jenkins Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the sonar.sonarPassword parameter. An attacker can obtain sensitive information, including cleartext passwords, by...

5.3CVSS6.8AI score0.04987EPSS
Exploits4References2
vulnersOsv
vulnersOsv
added 2022/05/14 1:43 a.m.5 views

com.devonfw.tools:sonar-devon-plugin (=3.0.0), com.devonfw.tools:sonar-devon4j-plugin (=3.2.0) +124 more potentially affected by CVE-2018-19413 via org.sonarsource.sonarqube:sonar-plugin-api (>=5.2 <=7.4-alpha2)

org.sonarsource.sonarqube:sonar-plugin-api MAVEN version =5.2, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =3.7.0, =2.0.0, =3.0.0, =1.0, =1.0, =1.0, =1.7 and more Source cves: CVE-2018-19413 Source advisory: OSV:GHSA-M643-2PFV-XWM8...

4.3CVSS5.8AI score0.0115EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/04/13 12:0 a.m.5 views

org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2022-29039 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2022-29039 Source advisory: OSV:GHSA-455J-8HG5-8576...

5.4CVSS6AI score0.00798EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/02/10 2:25 p.m.39 views

Evolving How We Share Rapid7 Research Data

In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common o...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/06/17 12:8 p.m.43 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Today, Rapid7 released the fourth in our Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not so fast!...

7.3AI score
Exploits0
Rows per page
Query Builder