
14874 matches found

OSV
added 2022/05/24 5:10 p.m., 19 views

GHSA-2M74-X26C-G7XC Missing permission checks in Mac Plugin

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3, AI score 4.4, EPSS 0.00809
Exploits 0, References 5

GitHub Security Blog
added 2022/05/24 5:10 p.m., 23 views

Missing permission checks in Mac Plugin

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3, AI score 4.9, EPSS 0.00809
Exploits 0, References 5, Affected Software 1

GitHub Security Blog
added 2022/05/24 5:10 p.m., 20 views

CSRF vulnerability in Mac Plugin

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3, AI score 5, EPSS 0.00811
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 5:10 p.m., 28 views

GHSA-QCFQ-35V7-4FW7 CSRF vulnerability in Mac Plugin

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...

CVSS 4.3, AI score 4.5, EPSS 0.00811
Exploits 0, References 5

OSV
added 2022/05/24 5:6 p.m., 28 views

GHSA-Q53J-P6R2-G2V4 SaltStack Salt is vulnerable to command injection

In SaltStack Salt before 2019.2.3, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

CVSS 9.8, AI score 9.8, EPSS 0.15106
Exploits 0, References 7

GitHub Security Blog
added 2022/05/24 5:6 p.m., 22 views

SaltStack Salt is vulnerable to command injection

In SaltStack Salt before 2019.2.3, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

CVSS 9.8, AI score 9.9, EPSS 0.15106
Exploits 0, References 7, Affected Software 1

GitHub Security Blog
added 2022/05/24 5:3 p.m., 25 views

Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

CVSS 8.8, AI score 3.1, EPSS 0.00691
Exploits 0, References 5, Affected Software 1

GitHub Security Blog
added 2022/05/24 5:3 p.m., 31 views

Missing permission check in Jenkins Gerrit Trigger Plugin

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

CVSS 5.5, AI score 2.9, EPSS 0.00622
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 5:3 p.m., 19 views

GHSA-4R39-F4RH-J6Q8 Missing permission check in Jenkins Gerrit Trigger Plugin

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins maste...

CVSS 5.4, AI score 5.3, EPSS 0.00622
Exploits 0, References 4

OSV
added 2022/05/24 5:3 p.m., 23 views

GHSA-VMVP-2HHX-RGM8 Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin

A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...

CVSS 8.8, AI score 8.7, EPSS 0.00691
Exploits 0, References 4

OSV
added 2022/05/24 5:1 p.m., 22 views

GHSA-345P-PW5Q-G98V Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents...

CVSS 6.8, AI score 5.7, EPSS 0.00868
Exploits 0, References 3

GitHub Security Blog
added 2022/05/24 5:1 p.m., 30 views

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents...

CVSS 5.9, AI score 2, EPSS 0.00868
Exploits 0, References 4, Affected Software 1

OSV
added 2022/05/24 4:59 p.m., 13 views

GHSA-M36J-F2HF-QGJ2 Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5, AI score 6.3, EPSS 0.00836
Exploits 0, References 6

GitHub Security Blog
added 2022/05/24 4:59 p.m., 26 views

Jenkins Libvirt Slaves Plugin vulnerable to Incorrect Default Permissions

A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 6.5, AI score 4.7, EPSS 0.00836
Exploits 0, References 6, Affected Software 1

GitHub Security Blog
added 2022/05/24 4:59 p.m., 22 views

Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8, AI score 5, EPSS 0.00678
Exploits 0, References 5, Affected Software 1

OSV
added 2022/05/24 4:59 p.m., 16 views

GHSA-M295-M3X4-3MMC Jenkins Libvirt Slaves Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8, AI score 8.7, EPSS 0.00678
Exploits 0, References 5

GitLab Advisory Database
added 2022/05/24 12:0 a.m., 33 views

NULL Pointer Dereference

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers...

CVSS 7.5, AI score 5.3, EPSS 0.03228
Exploits 0, References 8, Affected Software 1

Tenable Nessus
added 2022/05/24 12:0 a.m., 61 views

SUSE SLES12 Security Update : curl (SUSE-SU-2022:1805-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1805-1 advisory. - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop bsc1199223 - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse...

CVSS 7.5, AI score 6.8, EPSS 0.02596
Exploits 2, References 7

Kitploit
added 2022/05/23 12:30 p.m., 31 views

Findwall - Check If Your Provider Is Blocking You!

FindWall is a Python script that lets you check whether your network provider is limiting your access to the Internet by blocking any TCP/UDP port. To perform this check, FindWall needs to connect to a public VPS that you own. FindWall performs the following actions: 1. Connects to the VP...

AI score 7.1
Exploits 0, References 2

Rockylinux
added 2022/05/23 12:10 p.m., 14 views

cloud-init bug fix update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The cloud-init packages provide a set of init scripts for cloud instances...

AI score 0.8
Exploits 0