1063 matches found
CVE-2023-38647
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
GHSA-62V2-XWH3-5GVX Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
CVE-2023-35146
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
CVE-2023-35146
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
CVE-2023-35146
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
CVE-2023-35146
CVE-2023-35146 affects the Jenkins Template Workflows Plugin versions 41.v32d86a_313b_4a and earlier. The root cause is that the plugin does not escape names of jobs used as building blocks for Template Workflow Jobs, leading to stored cross-site scripting (XSS) exploitable by attackers who can c...
CVE-2023-35146
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...
PT-2023-25165 · Jenkins · Jenkins Template Workflows Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Template Workflows Plugin versions 41.v32d86a 313b 4a and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape names of jobs used as building blocks...
Jenkins Plugin Template Workflows 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Gradle 信息泄露漏洞
Gradle is a set of JVM-based project building tools from the US company Gradle, which supports maven, Ivy repositories and more. An information disclosure vulnerability exists in Gradle versions prior to 2.4.2, which stems from the fact that data stored in the GitHub Actions cache can be read by...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effectiv...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effectiv...
Users can set up workflows using restricted and invisible system tags
None...
SUSE CVE-2023-26482
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
CVE-2023-26482
CVE-2023-26482 affects Nextcloud Server (24.x prior to 24.0.10 and 25.x prior to 25.0.4 in several sources). The issue is a missing scope validation for Workflow operations, allowing creation of workflows intended for admins to be usable by non-admin contexts and, in combination with certain apps...
CVE-2023-26482 Scope of workflow operations is not validated in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs,...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-23550)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.5.2, which stems from the fact that...
Nextcloud: Users can set up workflows using restricted and invisible system tags
Vulnerability description not provided...