Lucene search
K

359 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:17 a.m.20 views

Jenkins Trac Publisher Plugin stores credentials in plain text

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

8.8CVSS6.8AI score0.01365EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:17 a.m.27 views

GHSA-577W-62CP-F67H Jenkins Trac Publisher Plugin stores credentials in plain text

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS8.7AI score0.01365EPSS
Exploits0References3
OSV
OSV
added 2022/05/02 3:54 a.m.5 views

GHSA-F9QV-J5G6-G5CR Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...

8.7CVSS6.6AI score0.01968EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2022/05/02 3:54 a.m.27 views

Trac is vulnerable to improper policy checks and missing 'raw' role check in docutils

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...

7.5CVSS7AI score0.01968EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 11:59 p.m.37 views

Trac Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.6AI score0.01335EPSS
Exploits1References10Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 11:55 p.m.28 views

Trac Open Redirect vulnerability

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function...

6.1CVSS6.1AI score0.01834EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/01 11:55 p.m.130 views

GHSA-RCMJ-XP8F-F6Q4 Trac Open Redirect vulnerability

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function...

6.1CVSS6.1AI score0.01834EPSS
Exploits0References7
OSV
OSV
added 2022/05/01 5:53 p.m.8 views

GHSA-W7X2-57F7-3P3X Trac Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

6.1CVSS5.4AI score0.01089EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/01 5:53 p.m.29 views

Trac Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.7AI score0.01089EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 5:53 p.m.13 views

Trac missing Content-Disposition HTTP header

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS6.9AI score0.01342EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/01 5:53 p.m.7 views

GHSA-7JJR-3R8R-9PCF Trac missing Content-Disposition HTTP header

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.9CVSS6.4AI score0.01342EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/01 7:32 a.m.17 views

Edgewall Trac Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

7.5CVSS6.9AI score0.02108EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/01 7:32 a.m.5 views

GHSA-2Q26-R8C4-JFX5 Edgewall Trac Cross-site request forgery (CSRF) vulnerability

Cross-site request forgery CSRF vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

8.7CVSS6.5AI score0.02108EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/01 7:11 a.m.29 views

Trac reStructuredText breach of privacy and denial of service vulnerability

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

6.8CVSS6.5AI score0.01864EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/01 2:29 a.m.8 views

GHSA-6VHP-HP77-6W52 Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

6.1CVSS5.4AI score0.0151EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/05/01 2:29 a.m.17 views

Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

4.3CVSS5.7AI score0.0151EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2019/11/13 11:15 p.m.18 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS7.5AI score0.01303EPSS
Exploits0References3
OSV
OSV
added 2019/11/13 11:15 p.m.13 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS6.7AI score0.01303EPSS
Exploits0References5
OSV
OSV
added 2019/11/13 11:15 p.m.2 views

DEBIAN-CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS7.3AI score0.01303EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/11/13 11:15 p.m.30 views

CVE-2010-5108

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS7.1AI score0.01303EPSS
Exploits0References2
Rows per page
Query Builder