CVE-2019-18356
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2)...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
EUVD-2017-3335
Malware in sbrugna...
EUVD-2021-21329
Malware in sbrugna...
EUVD-2015-4119
Malware in sbrugna...
EUVD-2014-4780
Malware in sbrugna...
EUVD-2019-8141
Malware in sbrugna...
EUVD-2019-8143
Malware in sbrugna...
EUVD-2019-8142
Malware in sbrugna...
EUVD-2015-3487
Malware in sbrugna...
EUVD-2023-1181
Malicious code in bioql PyPI...
PT-2025-27646 · Thycotic · Thycotic Secret Server
Name of the Vulnerable Software and Affected Versions: Thycotic Secret Server versions 11.7 and earlier
Description: The issue allows an administrator to gain access to restricted tables through a SQL report creation vulnerability.
Recommendations: For Thycotic Secret Server versions 11.7 and...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled...
CVE-2021-34679
Thycotic Password Reset Server before 5.3.0 allows credential disclosure...
CVE-2019-18357
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2)...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....
Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
Jenkins Azure Key Vault Plugin does not properly mask credentials
Multiple Jenkins plugins do not properly mask (i.e., replace with asterisks) credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent (typically inside a node block). -...