
14897 matches found

NVD
added 2022/03/15 5:15 p.m. · 22 views

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.5 CVSS · 0.00887 EPSS
Exploits 0 · References 2
OSV
added 2022/03/15 5:15 p.m. · 22 views

CVE-2022-27210

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 2
Prion
added 2022/03/15 5:15 p.m. · 16 views

Design/Logic Flaw

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

4 CVSS · 6.2 AI score · 0.00887 EPSS
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/03/15 5:15 p.m. · 21 views

Cross site request forgery (csrf)

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.3 CVSS · 6.4 AI score · 0.00705 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/15 4:46 p.m. · 21 views

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

7.1 AI score · 0.00887 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/03/15 4:46 p.m. · 18 views

CVE-2022-27211

A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...

6.7 AI score · 0.00887 EPSS
Exploits 0 · References 2
CVE
added 2022/03/15 4:45 p.m. · 125 views

CVE-2022-27210

CVE-2022-27210 : A CSRF vulnerability in the Jenkins Kubernetes Continuous Deploy Plugin (versions up to and including 2.3.1) allows an attacker to cause Jenkins to connect to an attacker-specified SSH server using credentials IDs obtained through another method, thereby capturing credentials sto...

6.5 CVSS · 6.6 AI score · 0.00705 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/15 4:45 p.m. · 27 views

CVE-2022-27210

A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.3 AI score · 0.00705 EPSS
Exploits 0 · References 2
Rapid7 Blog
added 2022/03/15 3:56 p.m. · 95 views

InsightVM Scanning: Demystifying SSH Credential Elevation

Written in collaboration with Jimmy Cancilla. The credentials to log into the assets on the network are one of the most critical inputs that can be provided to a vulnerability assessment. In order to capture and report on the full risk of an asset, the scan engine must be able to access the asset ...

1.7 AI score
Exploits 0
OSV
added 2022/03/15 9:09 a.m. · 15 views

ALBA-2022:0883 cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: AlmaLinux8 Azure cloud-init fails to configure the...

7.1 AI score
Exploits 0
AlmaLinux
added 2022/03/15 9:09 a.m. · 15 views

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: AlmaLinux8 Azure cloud-init fails to configure the...

7 AI score
Exploits 0
Positive Technologies
added 2022/03/15 12:00 a.m. · 5 views

PT-2022-18299 · Jenkins · Jenkins Kubernetes Continuous Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Continuous Deploy Plugin versions 2.3.1 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified...

6.5 CVSS · 6.1 AI score · 0.00887 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2022/03/14 12:00 a.m. · 67 views

GitLab 14.6 < 14.6.5 / 14.7.0 < 14.7.4 / 14.8.0 < 14.8.2 (CVE-2022-0738)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was...

7.5 CVSS · 7.2 AI score · 0.0083 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/03/12 11:24 p.m. · 10 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

5.8 AI score · 0.01677 EPSS
Exploits 0 · References 5
Veracode
added 2022/03/11 2:35 a.m. · 57 views

Remote Code Execution (RCE)

Icinga Web 2 is vulnerable to remote code execution. The vulnerability exists due to the lack of validation of access to the configuration which can create SSH resource files in unintended directories...

8.8 CVSS · 3.3 AI score · 0.1467 EPSS
Exploits 5 · References 5 · Affected Software 1
OpenVAS
added 2022/03/09 12:00 a.m. · 27 views

Icinga Web 2 < 2.8.6, 2.9.x < 2.9.6 Multiple Vulnerabilities

Icinga Web 2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:icinga:icingaweb2";...

8.8 CVSS · 7 AI score · 0.1467 EPSS
Exploits 5 · References 2
NVD
added 2022/03/08 8:15 p.m. · 18 views

CVE-2022-24715

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

8.8 CVSS · 0.1467 EPSS
Exploits 5 · References 4
Prion
added 2022/03/08 8:15 p.m. · 15 views

Code injection

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

6 CVSS · 8.6 AI score · 0.1467 EPSS
Exploits 5 · References 4 · Affected Software 1
UbuntuCve
added 2022/03/08 8:15 p.m. · 72 views

CVE-2022-24715

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6...

8.8 CVSS · 7.3 AI score · 0.1467 EPSS
Exploits 5 · References 3
NVD
added 2022/03/08 12:15 p.m. · 14 views

CVE-2021-37209

A vulnerability has been identified in RUGGEDCOM i800 All versions V4.3.8, RUGGEDCOM i801 All versions V4.3.8, RUGGEDCOM i802 All versions V4.3.8, RUGGEDCOM i803 All versions V4.3.8, RUGGEDCOM M2100 All versions V4.3.8, RUGGEDCOM M2200 All versions V4.3.8, RUGGEDCOM M969 All versions V4.3.8,...

6.7 CVSS · 0.00363 EPSS
Exploits 0 · References 2