102 matches found
GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
Jenkins Azure Key Vault Plugin does not properly mask credentials
Multiple Jenkins plugins do not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent typically inside a node block. -...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
Design/Logic Flaw
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
Information disclosure
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
This CVE (CVE-2023-30518) affects Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier. Root cause: a missing permission check in the plugin’s HTTP endpoint. Impact: attackers with Overall/Read can enumerate credentials IDs of credentials stored in Jenkins, potentially aiding credential exposu...
CVE-2023-30515
CVE-2023-30515 affects Jenkins Thycotic DevOps Secrets Vault Plugin, 1.0.0 and earlier, where credentials are not properly masked in build logs when push mode for durable task logging is enabled. The available documents confirm this vulnerability exists in the Thycotic plugin (CVE-2023-30515) and...
CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
CVE-2023-30515
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
PT-2023-22745 · Jenkins · Jenkins Thycotic Secret Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic Secret Server Plugin versions 1.0.2 and earlier Description: A missing permission check in the Jenkins Thycotic Secret Server Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...
Jenkins Plugin Thycotic DevOps Secrets Vault 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Thycotic Secret Server 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Delinea Thycotic Secret Server Dump
This module exports and decrypts Secret Server credentials to a CSV file; it is intended as a post-exploitation module for Windows hosts with Delinea/Thycotic Secret Server installed. Master Encryption Key MEK and associated IV values are decrypted from encryption.config using a static key baked...
How Uber was hacked in 2022
What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others. Most likely, Uber understood what had...
Thycotic Password Reset Server Information Disclosure Vulnerability
Thycotic Password Reset Server is a password reset server from Thycotic, U.S.A. A security vulnerability exists in versions of Thycotic Password Reset Server prior to 5.3.0, which stems from the password reset server allowing credentials to be exposed. An attacker could exploit the vulnerability ...