56 matches found
GHSA-RFRQ-3V89-FQG6 Reflected XSS in Jenkins Compatibility Action Storage Plugin
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
org.jenkins-ci.plugins:google-storage-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10436 via org.jenkins-ci.plugins:google-oauth-plugin (=0.1)
org.jenkins-ci.plugins:google-oauth-plugin MAVEN version =0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:google-oauth-plugin and may be impacted: - org.jenkins-ci.plugins:google-storage-plugin =0.1, =0.4 Source cves:...
VMware vCenter Server 输入验证错误漏洞
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware. A remote code execution vulnerability exists in VMware vCenter Server. The vulnerability is due to a lack of proper input validation of vSAN, a runtime condition check plug-in enabled by default...
CloudBees Jenkins Compatibility Action Storage Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Compatibility Action Storage Plugin is used i...
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
Cross site scripting
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
CVE-2020-2217
The CVE-2020-2217 issue affects Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier. The root cause is that the plugin does not escape content coming from MongoDB in the testConnection form validation endpoint, leading to a reflected XSS vulnerability. Impact is reflected XSS as ...
CVE-2020-2217
Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...
PT-2020-15433 · Jenkins · Jenkins Compatibility Action Storage Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier Description: The issue is related to a reflected cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the content coming from the MongoDB in...
CloudBees Jenkins Minio Storage Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Minio Storage Plugin is used in one of the...
CVE-2019-10285
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10285
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10285
Affected software : Jenkins Minio Storage Plugin. Vulnerability : credentials are stored unencrypted in the global configuration file on the Jenkins master, specifically in org.jenkinsci.plugins.minio.MinioUploader.xml. Root cause : lack of encryption for stored credentials in the plugin’s config...
PT-2019-11687 · Jenkins · Jenkins Minio Storage Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Minio Storage Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...
Security fix for the ALT Linux 8 package mariadb version April
April 1, 2013 Michael Shigorin 5.5.30-alt10 - New version - NB: 5.5.29 had important security fixes, including: + A buffer overflow that can cause a server crash or arbitrary code execution a variant of CVE-2012-5611 + CVE-2012-5627 fast password brute-forcing using the "change user" +...