Driftwood - Private Key Usage Verification
Driftwood is a tool that lets you look up whether a private key is used for things like TLS or as a GitHub SSH key for a user. Driftwood performs lookups with the computed public key, so the private key never leaves where you run the tool. Additionally, it supports some basic password...
SSH Host Based Authentication
Introduction: Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, the host-based authority-validation technique is the most suitable way to manage the access and control rights related to your hardware and applications. Once implemented, this identit...
Jenkins Publish Over SSH Plugin Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Publish Over SSH Plugin in version 1.22 and earlier contains a cross-site request forgery vulnerability that stems...
Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-05039)
Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Publish Over SSH Plugin in version 1.22 and earlier has a cross-site scripting vulnerability that stems from the...
Jenkins Authorization Issues Vulnerability (CNVD-2022-08041)
Jenkins is an open source automation server. It provides hundreds of plug-ins to support building, deploying and automating any project. Jenkins Publish Over SSH Plugin 1.22 and earlier versions contain an authorization issue vulnerability, the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
GHSA-9WXH-JJJ5-67CV Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Jenkins SSH Agent Plugin prior to 1.23.2 and 1.22.1 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
GHSA-FJPM-HF7C-XGC2 Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
GHSA-R3RR-WPH6-9638 Password stored in plain text by Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
GHSA-884C-9WWH-9P6V CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
Missing permission check in Jenkins Publish Over SSH Plugin
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
Password stored in plain text by Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
GHSA-J8RG-4HJM-8R95 Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files...
GHSA-VC4R-J8J6-3FP6 Missing permission check in Jenkins Publish Over SSH Plugin
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials...
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...