Jenkins Plugin Semantic Versioning 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2023-24430

CVE-2023-24430 affects Jenkins Semantic Versioning Plugin 1.14 and earlier, where the XML parser is not configured to prevent XML external entity (XXE) attacks. This XXE flaw could enable an attacker able to influence agent/controller parsing to exfiltrate data or affect processing. The issue is ...

CVE-2023-24443

CVE-2023-24443 concerns Jenkins TestComplete support Plugin, version 2.8.1 and earlier, where the XML parser is not configured to prevent XML external entity (XXE) attacks. The vulnerability is described as high-severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8). The issue i...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24441

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24441

CVE-2023-24441 affects Jenkins MSTest Plugin 1.0.0 and earlier, where the XML parser is not configured to prevent XML external entity (XXE) attacks. The available connected sources confirm an XXE vulnerability in MSTest Plugin and do not specify a published patch version. Exploit specifics are no...

CVE-2023-24430

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-24443

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2022-47950

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

expat security update

2.2.5-10.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910314 2.2.5-10.1 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate - Resolves: CVE-2022-43680...

Server-Side Request Forgery (SSRF)

com.amazonaws:aws-android-sdk-core is vulnerable to server-side request forgery. The vulnerability exists due to the the XML Parser component located in the XpathUtils function in aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java which allows a remote attacker to abuse server...

AWS SDK is vulnerable to server-side request forgery (SSRF)

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

GHSA-F5H9-QX38-2HGP AWS SDK is vulnerable to server-side request forgery (SSRF)

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

CVE-2022-4725

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

Server side request forgery (ssrf)

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...

AWS SDK for Android 代码问题漏洞

AWS SDK for Android is an AWS SDK for Android open source by AWS Amplify. A code issue vulnerability exists in AWS SDK for Android prior to version 2.59.01, which stems from a function in the aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java file in the component XML Parser...

CVE-2022-4725

The CVE-2022-4725 entry concerns the AWS Android SDK core’s XML Parser, specifically the XpathUtils.java function. It enables server-side request forgery (SSRF) due to its manipulation, affecting the XpathUtils component. The issue is fixed by upgrading from version 2.59.0 to 2.59.1; the patch id...

CVE-2022-4725 AWS SDK XML Parser XpathUtils.java XpathUtils server-side request forgery

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...