2704 matches found

CNNVD
added 2023/03/23 12:00 a.m. · 1 views

Jenkins Plugins Performance Publisher Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 8.2 · AI score 7.8 · EPSS 0.01056
Exploits: 0 · References: 4
Positive Technologies
added 2023/03/23 12:00 a.m. · 1 views

PT-2023-21902 · Jenkins · Jenkins Phabricator Differential Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Phabricator Differential Plugin versions 2.1.5 and earlier. Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows attackers who can control coverag...

CVSS 8.2 · AI score 6.4 · EPSS 0.01056
Exploits: 0 · References: 7
NVD
added 2023/03/22 6:15 a.m. · 10 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.1 · AI score 7.5 · EPSS 0.01126
Exploits: 0 · References: 1
Prion
added 2023/03/22 6:15 a.m. · 12 views

XXE

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 5.5 · AI score 6.8 · EPSS 0.01126
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/03/21 3:53 p.m. · 248 views

CVE-2023-28685

CVE-2023-28685 affects Jenkins AbsInt a³ Plugin (≤1.1.0). It does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential disclosure of secrets from the Jenkins controller via crafted XML. CVSSv3.1 base score 7.1 (HIGH): Network attack vector, LOW privileges ...

CVSS 7.1 · AI score 6.8 · EPSS 0.01126
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/03/21 3:53 p.m. · 5 views

CVE-2023-28685

Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

AI score 6.9 · EPSS 0.01126
Exploits: 0 · References: 1
Positive Technologies
added 2023/03/21 12:00 a.m. · 3 views

PT-2023-21904 · Jenkins · Jenkins Absint A³ Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins AbsInt a³ Plugin versions 1.1.0 and earlier. Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers who can control the Project File (APX) contents t...

CVSS 7.1 · AI score 6.7 · EPSS 0.01126
Exploits: 0 · References: 3
Tenable Nessus
added 2023/03/18 12:00 a.m. · 23 views

Fedora 36 : mingw-python-OWSLib (2023-ae06b3704c)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ae06b3704c advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2 · AI score 7.5 · EPSS 0.00168
Exploits: 0 · References: 2
Tenable Nessus
added 2023/03/18 12:00 a.m. · 19 views

Fedora 37 : mingw-python-OWSLib (2023-8312a80917)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8312a80917 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2 · AI score 7.5 · EPSS 0.00168
Exploits: 0 · References: 2
OSV
added 2023/03/14 5:15 a.m. · 0 views

CVE-2023-26461

SAP NetWeaver allows SAP Enterprise Portal - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view...

CVSS 4.9 · AI score 5.8 · EPSS 0.00258
Exploits: 0 · References: 2
Prion
added 2023/03/14 5:15 a.m. · 18 views

Code injection

SAP NetWeaver allows SAP Enterprise Portal - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view...

CVSS 3.3 · AI score 5 · EPSS 0.00258
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/03/14 4:56 a.m. · 48 views

CVE-2023-26461

Summary: CVE-2023-26461 affects SAP NetWeaver (SAP Enterprise Portal) 7.50. Affected component: the XML parser; root cause is processing of crafted XML that allows an authenticated user with sufficient privileges to view, but not modify, sensitive data. This is a network-based vulnerability with...

CVSS 6.8 · AI score 5.1 · EPSS 0.00258
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/14 12:00 a.m. · 2 views

PT-2023-20654 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver version 7.50. Description: The issue allows an authenticated attacker with sufficient privileges to access the XML parser, enabling them to submit a crafted XML file. When parsed, this file allows the attacker to access, but not...

CVSS 6.8 · AI score 4.8 · EPSS 0.00258
Exploits: 0 · References: 3
Tenable Nessus
added 2023/03/12 12:00 a.m. · 18 views

Fedora 38 : mingw-python-OWSLib (2023-9a878398a6)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9a878398a6 advisory. Update to OWSLib-0.28.1, fixes CVE-2023-27476. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.2 · AI score 7.5 · EPSS 0.00168
Exploits: 0 · References: 2
SUSE CVE
added 2023/03/09 3:52 a.m. · 1 views

SUSE CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2 · AI score 7 · EPSS 0.00168
Exploits: 0 · References: 3
Prion
added 2023/03/08 12:15 a.m. · 5 views

Design/Logic Flaw

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 5 · AI score 7.4 · EPSS 0.00168
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2023/03/08 12:15 a.m. · 3 views

PYSEC-2023-86

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an...

CVSS 8.2 · AI score 7.5 · EPSS 0.00168
Exploits: 0 · References: 4
OpenVAS
added 2023/03/08 12:00 a.m. · 26 views

Debian: Security Advisory (DLA-355-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4 · AI score 9.4 · EPSS 0.00843
Exploits: 1 · References: 2
OpenVAS
added 2023/03/08 12:00 a.m. · 25 views

Debian: Security Advisory (DLA-172-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.2 · EPSS 0.01686
Exploits: 1 · References: 2
CVE
added 2023/03/07 11:20 p.m. · 146 views

CVE-2023-27476

OWSLib (Python) has a vulnerability in its XML parser that does not disable entity resolution, enabling potential arbitrary file reads from attacker-controlled XML payloads across all XML parsing in the codebase. Affected versions prior to 0.28.1; remediation is to upgrade to 0.28.1 or apply the ...

CVSS 8.2 · AI score 7.7 · EPSS 0.00168
Exploits: 0 · References: 5 · Affected Software: 1