66 matches found
CVE-2019-18356
An XSS issue was discovered in Thycotic Secret Server before 10.7 issue 1 of 2...
CVE-2019-18355
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...
EUVD-2017-3335
Malware in sbrugna...
EUVD-2019-8143
Malware in sbrugna...
EUVD-2014-4780
Malware in sbrugna...
EUVD-2019-8141
Malware in sbrugna...
EUVD-2019-8142
Malware in sbrugna...
EUVD-2015-3487
Malware in sbrugna...
EUVD-2023-1181
Malicious code in bioql PyPI...
PT-2025-27646 · Thycotic · Thycotic Secret Server
Name of the Vulnerable Software and Affected Versions: Thycotic Secret Server versions 11.7 and earlier
Description: The issue allows an administrator to gain access to restricted tables through a SQL report creation vulnerability.
Recommendations: For Thycotic Secret Server versions 11.7 and...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-18357
An XSS issue was discovered in Thycotic Secret Server before 10.7 issue 2 of 2...
GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
Information disclosure
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
This CVE (CVE-2023-30518) affects Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier. Root cause: a missing permission check in the plugin’s HTTP endpoint. Impact: attackers with Overall/Read can enumerate credentials IDs of credentials stored in Jenkins, potentially aiding credential exposu...
PT-2023-22745 · Jenkins · Jenkins Thycotic Secret Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic Secret Server Plugin versions 1.0.2 and earlier
Description: A missing permission check in the Jenkins Thycotic Secret Server Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...