3 matches found
PYSEC-2026-489 SQLAlchemyDA unauthenticated arbitrary SQL query execution
Impact: The vulnerability allows unauthenticated execution of arbitrary SQL statements on the database the SQLAlchemyDA instance is connected to. All users are affected. Patches: The problem has been patched in version 2.2. Workarounds: There is no workaround. All users are urged to upgrade to versi...
Inadequate Encryption Strength
Overview: net.gleske:jervis provides self-service Jenkins job generation using Jenkins Job DSL plugin Groovy scripts. It reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Inadequate Encryption Strength in the PBKDF2 key derivation process. An attacker c...
Cleartext Storage of Sensitive Information
Overview: org.jenkins-ci.plugins:sonar is a SonarQube scanner plugin for Jenkins. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the sonar.sonarPassword parameter. An attacker can obtain sensitive information, including cleartext passwords, by...