6 matches found
PT-2023-24127 · Jenkins · Jenkins SAML Single Sign On (SSO) Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.0 and earlier Description: A missing permission check in the Jenkins SAML Single Sign On (SSO) Plugin allows attackers with Overall/Read permission to send an HTTP POST request with a JSON body...
GHSA-Q4RF-3FHX-88PF YAML deserialization can run untrusted code
Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An...
YAML deserialization can run untrusted code
Impact An authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with a crafted aclpolicy yaml file, that can cause the server to run untrusted code on Rundeck Community or Enterprise Edition. An...
CVE-2021-39132
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
CVE-2019-10867
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to...
Log2Space Central 6.2 Cross Site Scripting
FULL DISCLOSURE Product : Log2Space Central Exploit Author : Rahul Pratap Singh Version : 6.2 Home page Link : http://www.spacecom.co.in/log2spacecentralserveroverview.html Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 27/Jan/2016 XSS...