1178 matches found
[SECURITY] Fedora 35 Update: golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc35
An XPath 1.0 implementation written in the Go programming language...
Updated java packages fix security vulnerability
OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476); OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426); OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672...
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11
0:11.0.15.0.10-alt1_1jpp11, built July 14, 2022 by Andrey Cherepanov in task 303498. June 29, 2022, Andrey Cherepanov: - New version. - Security fixes: + JDK-8270504, CVE-2022-21426: Better XPath expression handling + JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0 +...
Jenkins XPath Configuration Viewer has an unspecified vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins XPath Configuration Viewer has a security vulnerability that stems...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
Fedora: Security Advisory for golang-github-christrenkamp-goxpath (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc36
An XPath 1.0 implementation written in the Go programming language...
Jenkins XPath Configuration Viewer Plugin authorization issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XPath Configuration Viewer Plugin...
Jenkins XPath Configuration Viewer Plugin cross-site request forgery vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site request forgery...
Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to create and delete XPath expressions. Additionally, these HTTP endpoints do not require POST requests, resulting in a...
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...
GHSA-3FJ7-78H2-W98X Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to create and delete XPath expressions. Additionally, these HTTP endpoints do not require POST requests, resulting in a...
GHSA-3Q7F-W8FR-368V Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin
XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...
CVE-2022-34812
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...
CVE-2022-34813
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions...
CVE-2022-34811
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page...