26 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-4351

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00501
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2693

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.00109
Exploits: 0 | References: 4

vulnersOsv
added 2025/01/15 6:56 p.m. | 3 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +455 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=2.0-RC1 <=3.15.3.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =2.0-RC1, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.0.0, =0.2.0, =0.10.5-experimental and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8...

CVSS 5.5 | AI score 6.7 | EPSS 0.0005
Exploits: 0

OSV
added 2023/10/25 6:32 p.m. | 12 views

GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

CVSS 3.7 | AI score 5.5 | EPSS 0.00109
Exploits: 0 | References: 4

Github Security Blog
added 2023/10/25 6:32 p.m. | 17 views

Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

CVSS 5.3 | AI score 5.2 | EPSS 0.00109
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/10/25 6:17 p.m. | 1 view

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVSS 5.3 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2

NVD
added 2023/10/25 6:17 p.m. | 9 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVSS 5.3 | AI score 6 | EPSS 0.00109
Exploits: 0 | References: 2

Prion
added 2023/10/25 6:17 p.m. | 22 views

Code injection

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVSS 5 | AI score 5.1 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/10/25 1:45 p.m. | 15 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

AI score 6.9 | EPSS 0.00109
Exploits: 0 | References: 2

Cvelist
added 2023/10/25 1:45 p.m. | 17 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

AI score 5.9 | EPSS 0.00109
Exploits: 0 | References: 2

CVE
added 2023/10/25 1:45 p.m. | 48 views

CVE-2023-46660

Summary: CVE-2023-46660 affects Jenkins Zanata Plugin prior to 0.7 (0.6 and earlier) and is due to a non-constant time comparison when verifying webhook token hashes. This vulnerable check could enable attackers to use statistical methods to obtain a valid webhook token, as stated in multiple sou...

CVSS 5.3 | AI score 5.1 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/10/25 12:0 a.m. | 1 view

Jenkins Plugin Zanata Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.3 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 3

Positive Technologies
added 2023/10/25 12:0 a.m. | 3 views

PT-2023-30147 · Jenkins · Jenkins Zanata Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Zanata Plugin versions 0.6 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows...

CVSS 5.3 | AI score 4.9 | EPSS 0.00109
Exploits: 0 | References: 6

vulnersOsv
added 2022/05/24 10:1 p.m. | 2 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +516 more potentially affected by CVE-2020-1695 via org.jboss.resteasy:resteasy-client (>=3.0.0.Final <=3.11.5.Final)

org.jboss.resteasy:resteasy-client MAVEN version =3.0.0.Final, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.1.9, =1.0.0.Final, =1.0.3.Final and more Source cves: CVE-2020-1695 Source advisory: OSV:GHSA-63CQ-PPQ8-CW6G...

CVSS 7.5 | AI score 7 | EPSS 0.00366
Exploits: 0

vulnersOsv
added 2022/05/17 2:49 a.m. | 3 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +337 more potentially affected by CVE-2016-6348 via org.jboss.resteasy:resteasy-client (>=3.0-beta-1 <=3.0.1.Final)

org.jboss.resteasy:resteasy-client MAVEN version =3.0-beta-1, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.1.11, =1.1.11, =1.3.2 and more Source cves: CVE-2016-6348 Source advisory: OSV:GHSA-9XFC-J5MF-9W5P...

CVSS 6.1 | AI score 6.6 | EPSS 0.00132
Exploits: 0

vulnersOsv
added 2022/05/17 2:48 a.m. | 3 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +337 more potentially affected by CVE-2016-6347 via org.jboss.resteasy:resteasy-client (>=3.0-beta-1 <=3.0.1.Final)

org.jboss.resteasy:resteasy-client MAVEN version =3.0-beta-1, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.1.11, =1.1.11, =1.3.2 and more Source cves: CVE-2016-6347 Source advisory: OSV:GHSA-R346-RMRG-QPGH...

CVSS 6.1 | AI score 6.6 | EPSS 0.00093
Exploits: 0

vulnersOsv
added 2022/05/14 1:3 a.m. | 1 view

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +1328 more potentially affected by CVE-2016-6346 via org.jboss.resteasy:resteasy-jaxrs (>=1.1.GA <=3.0.1.Final)

org.jboss.resteasy:resteasy-jaxrs MAVEN version =1.1.GA, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.0.0, =1.2.0 - biz.paluch.visualizr:visualizr =1.0 - br.com.esec.icpm:certillion-client-library-resteasy-plugin =1.1.10 and more Source cves:...

CVSS 7.5 | AI score 7.1 | EPSS 0.01184
Exploits: 0

vulnersOsv
added 2021/06/03 11:41 p.m. | 0 views

at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +733 more potentially affected by CVE-2020-25633 via org.jboss.resteasy:resteasy-client (>=3.0-beta-1 <=3.13.2.Final)

org.jboss.resteasy:resteasy-client MAVEN version =3.0-beta-1, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.0.0, =1.3.0 - be.valuya:ovh-sms-client =1.0 - br.com.anteros:Anteros-Keycloak =1.0.0 and more Source cves: CVE-2020-25633 Source advisor...

CVSS 5.3 | AI score 6.7 | EPSS 0.00193
Exploits: 0

vulnersOsv
added 2020/06/15 7:57 p.m. | 5 views

am.ik.home:uaa-server (>=1.0.0 <=1.2.0), at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8) +2713 more potentially affected by CVE-2017-7536 via org.hibernate:hibernate-validator (>=5.2.0.Alpha1 <=5.2.4.Final)

org.hibernate:hibernate-validator MAVEN version =5.2.0.Alpha1, =1.0.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1, =1, =10 and more Source cves: CVE-2017-7536 Source advisory: OSV:GHSA-XXGP-PCFC-3VGC...

CVSS 7 | AI score 6.8 | EPSS 0.00127
Exploits: 0

NVD
added 2019/12/03 3:15 p.m. | 6 views

CVE-2013-4486

Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging...

CVSS 9.8 | AI score 9.4 | EPSS 0.00501
Exploits: 0 | References: 3