58 matches found
Astra Linux - vulnerability in ansible
Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the `no_log` flag set to True when using Sumologic and Splunk callback plugins to send task result events to collectors. This could lead to the disclosure and collection of sensitive data...
EUVD-2023-2105
Malicious code in bioql PyPI...
EUVD-2023-1991
Malicious code in bioql PyPI...
CVE-2023-37958
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
Jenkins Sumologic Publisher Plugin missing permission check
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
GHSA-7JRR-FWHW-762V Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
GHSA-MX84-FRHW-PCG8 Jenkins Sumologic Publisher Plugin missing permission check
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery
Jenkins Sumologic Publisher Plugin 2.2.1 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, this form validation method does not require POST requests,...
CVE-2023-37959
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-37958
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-37958
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-37959
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
Information disclosure
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-37959
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-37959
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2023-37959
CVE-2023-37959 affects Jenkins Sumologic Publisher Plugin (versions 2.2.1 and earlier). The root cause is a missing permission check in a form-validation method, enabling attackers with Overall/Read permission to connect to an attacker-specified URL. Some sources additionally describe CSRF risk b...
CVE-2023-37958
Jenkins Sumologic Publisher Plugin ≤ 2.2.1 has a CSRF vulnerability: a method implementing form validation lacks a permission check, allowing attackers with Overall/Read to trigger a request to an attacker‑specified URL without POST requirements. Impact stated across multiple sources; no public e...
CVE-2023-37958
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...
CVE-2023-37958
A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL...