933 matches found
CVE-2022-27205
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Security feature bypass
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with an expected login form that then sends the clear text credentials to an attacker-specified server. This issue affects: openSUSE Build service...
PT-2022-1968 · Microsoft · Windows Mshtml Platform +1
Name of the Vulnerable Software and Affected Versions: Windows HTML Platforms (affected versions not specified). Description: The issue is related to errors in security settings, allowing a remote attacker to disclose protected information. It is a security-feature bypass vulnerability that affects...
PT-2022-4891 · D Link · Dlink Router
Name of the Vulnerable Software and Affected Versions: D-Link routers (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this issue. The...
PT-2022-1799 · Adobe · Commerce +1
Name of the Vulnerable Software and Affected Versions: Magento Commerce (affected versions not specified); Adobe Commerce (affected versions not specified). Description: The issue exists due to insufficient input validation in the software platform. This allows a remote attacker to execute arbitrary...
GHSA-M5WP-P3GJ-7Q5G Missing Authorization in Jenkins dbCharts Plugin
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...
CVE-2022-25205
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance...
CVE-2022-25194
A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...
CVE-2022-0596
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
Input validation
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11...
Jenkins Plugin Cross-Site Request Forgery Vulnerability
Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins Checkmarx Plugin cross-site request forgery vulnerability. The vulnerability can be exploited by an attacker to connect to an attacker-specified web server via an attacker-specified credential ID to capture...
Jenkins Plugin Permissions, Privileges and Access Control Vulnerability
Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins dbCharts Plugin Access Control Error Vulnerability. An attacker can exploit this vulnerability to connect to a specified database using JDBC with specified credentials...
PT-2022-17145 · Jenkins · Jenkins Dbcharts Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins dbCharts Plugin versions 0.5.2 and earlier. Description: A missing check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials...
PT-2022-8503 · Drupal · Drupal Quickedit Module
Name of the Vulnerable Software and Affected Versions: Drupal QuickEdit module (affected versions not specified). Description: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the...
CVE-2021-4138
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname...
PT-2022-13257 · Subiquity · Subiquity
Name of the Vulnerable Software and Affected Versions: Subiquity (affected versions not specified). Description: The issue concerns Subiquity showing guided storage passphrases in plaintext with read-all permissions. Recommendations: At the moment, there is no information about a newer version that...