Lucene search
+L

102 matches found

OSV
OSV
added 2023/04/12 6:30 p.m.66 views

GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check

Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...

4.3CVSS4.7AI score0.00519EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/04/12 6:30 p.m.21 views

Jenkins Thycotic Secret Server Plugin missing permissions check

Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...

4.3CVSS5.1AI score0.00519EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/12 6:30 p.m.32 views

Jenkins Azure Key Vault Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent typically inside a node block. -...

7.5CVSS7.5AI score0.00491EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/04/12 6:15 p.m.6 views

CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00519EPSS
Exploits0References2
NVD
NVD
added 2023/04/12 6:15 p.m.27 views

CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS4.5AI score0.00519EPSS
Exploits0References2
NVD
NVD
added 2023/04/12 6:15 p.m.26 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS7.6AI score0.00399EPSS
Exploits0References2
Prion
Prion
added 2023/04/12 6:15 p.m.19 views

Design/Logic Flaw

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

5CVSS7.5AI score0.00399EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/12 6:15 p.m.23 views

Information disclosure

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00519EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.7 views

CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

6.4AI score0.00519EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/12 5:5 p.m.31 views

CVE-2023-30518

A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.8AI score0.00519EPSS
Exploits0References2
CVE
CVE
added 2023/04/12 5:5 p.m.53 views

CVE-2023-30518

This CVE (CVE-2023-30518) affects Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier. Root cause: a missing permission check in the plugin’s HTTP endpoint. Impact: attackers with Overall/Read can enumerate credentials IDs of credentials stored in Jenkins, potentially aiding credential exposu...

4.3CVSS4.4AI score0.00519EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/12 5:5 p.m.55 views

CVE-2023-30515

CVE-2023-30515 affects Jenkins Thycotic DevOps Secrets Vault Plugin, 1.0.0 and earlier, where credentials are not properly masked in build logs when push mode for durable task logging is enabled. The available documents confirm this vulnerability exists in the Thycotic plugin (CVE-2023-30515) and...

7.5CVSS7.4AI score0.00399EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/12 5:5 p.m.33 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.7AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/12 5:5 p.m.10 views

CVE-2023-30515

Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.1AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.6 views

PT-2023-22745 · Jenkins · Jenkins Thycotic Secret Server Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic Secret Server Plugin versions 1.0.2 and earlier Description: A missing permission check in the Jenkins Thycotic Secret Server Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...

4.3CVSS4.3AI score0.00519EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.9 views

Jenkins Plugin Thycotic DevOps Secrets Vault 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.6 views

Jenkins Plugin Thycotic Secret Server 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00519EPSS
Exploits0References4
Metasploit
Metasploit
added 2022/09/30 7:50 p.m.680 views

Delinea Thycotic Secret Server Dump

This module exports and decrypts Secret Server credentials to a CSV file; it is intended as a post-exploitation module for Windows hosts with Delinea/Thycotic Secret Server installed. Master Encryption Key MEK and associated IV values are decrypted from encryption.config using a static key baked...

7AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2022/09/16 4:55 p.m.27 views

How Uber was hacked in 2022

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others. Most likely, Uber understood what had...

0.8AI score
Exploits0
CNVD
CNVD
added 2021/06/17 12:0 a.m.17 views

Thycotic Password Reset Server Information Disclosure Vulnerability

Thycotic Password Reset Server is a password reset server from Thycotic, U.S.A. A security vulnerability exists in versions of Thycotic Password Reset Server prior to 5.3.0, which stems from the password reset server allowing credentials to be exposed. An attacker could exploit the vulnerability ...

10CVSS2.6AI score0.01019EPSS
Exploits0References1
Rows per page
Query Builder