PT-2024-36011 · Jenkins · Jenkins Filesystem List Parameter Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Filesystem List Parameter Plugin versions 0.0.14 and earlier Description: The issue allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system due to a lack of restriction on the path...

GHSA-P788-RJ37-357W Insecure Defaults Leads to Potential MITM in ezseed-transmission

Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...