Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

Agent-to-controller security bypass vulnerability in compuware-xpediter-code-coverage

compuware-xpediter-code-coverage 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed. It allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. NOTE: This vulnerability ...

5.3CVSS5.9AI score0.00647EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

Content-Security-Policy protection for user content disabled by XFramium Builder

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. XFramium Builder 1.0.22 and earlier globally disables the Content-Security-Poli...

8.8CVSS4.8AI score0.00542EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

Content-Security-Policy protection for user content disabled by ScreenRecorder

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. ScreenRecorder 0.7 and earlier programmatically updates the Java system propert...

8CVSS4.8AI score0.00511EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•9 views

Content-Security-Policy protection for user content can be disabled in 360 FireLine

Jenkins sets the Content-Security-Policy header to static files served by Jenkins specifically DirectoryBrowserSupport, such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine 1.7.2 and earlier globally disables the Content-Security-Policy...

8CVSS5.3AI score0.00617EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•5 views

Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin

Pipeline: Groovy Libraries Plugin and older releases of the Pipeline: Deprecated Groovy Libraries Plugin formerly Pipeline: Shared Groovy Libraries Plugin define the library Pipeline step, which allows Pipeline authors to dynamically load Pipeline libraries. The return value of this step can be...

9.9CVSS8.6AI score0.01161EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•9 views

CSRF protection for any URL can be bypassed in pipeline-stage-view

pipeline-stage-view provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. pipeline-stage-view 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proceed or abort Pipeline...

8CVSS6.4AI score0.00443EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•19 views

Stored XSS vulnerability in workflow-support

workflow-support provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build after aborting it...

8CVSS5.5AI score0.00655EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

XXE vulnerability in repo

repo 1.15.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins...

7.5CVSS7.4AI score0.00875EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•10 views

CSRF vulnerability in Katalon allows capturing credentials

Katalon 1.0.33 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.3CVSS5AI score0.00397EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•10 views

API keys stored in plain text by Katalon

Katalon 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon 1.0.33 no longer stores the API...

6.5CVSS6.4AI score0.00668EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•9 views

Stored XSS vulnerability in contrast-continuous-application-security

contrast-continuous-application-security 3.9 and earlier does not escape data returned from the Contrast service when generating a report. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control or modify Contrast service API responses...

7.5CVSS5.3AI score0.00639EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

Agent-to-controller security bypass vulnerabilities in compuware-topaz-for-total-test

compuware-topaz-for-total-test 2.4.8 and earlier implements two agent/controller messages that do not limit where they can be executed. RemoteSystemProperties allows attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process...

7.5CVSS6.5AI score0.00647EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•7 views

Missing permission check in compuware-strobe-measurement allows enumerating credentials IDs

compuware-strobe-measurement 1.0.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5.1AI score0.0045EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/10/19 12:0 a.m.•6 views

Sandbox bypass vulnerabilities in Script Security Plugin and in Pipeline: Groovy Plugin

Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...

9.9CVSS8.7AI score0.01428EPSS
Exploits0Affected Software2
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Stored XSS vulnerability in cavisson-ns-nd-integration

cavisson-ns-nd-integration 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, the...

8CVSS5.3AI score0.00469EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Path traversal and CSRF vulnerability in build-publisher

build-publisher 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. Additionally, this endpoint does not require POST requests, resulting in a cross-sit...

8.8CVSS6.5AI score0.01231EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Missing webhook endpoint authorization in rundeck

rundeck 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint. This allows attackers with Item/Read permission to trigger jobs that are configured to be triggerable via Rundeck. As of publication of this advisory, there is no fix. Learn why we announce this...

8.8CVSS7.7AI score0.00827EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•5 views

Stored XSS vulnerability in Walti

Walti 1.0.1 and earlier does not escape the information provided by the Walti API. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide malicious API responses from Walti. As of publication of this advisory, there is no fix. Learn why we announc...

7.5CVSS5.3AI score0.00469EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•10 views

XXE vulnerability in rqm-plugin

rqm-plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide crafted API responses from Rational Quality Manager to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets fro...

9.8CVSS8.3AI score0.00725EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•11 views

Missing hostname validation in smalltest

smalltest 1.0.4 and earlier does not perform hostname validation when connecting to the configured SmallTest server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. As of publication of this advisory, there is no fix. Learn why we announce...

8.1CVSS7.6AI score0.00539EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Missing permission check in apprenda allows enumerating credentials IDs

apprenda 2.2.0 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. As o...

4.3CVSS5.1AI score0.00544EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•8 views

Stored XSS vulnerability in DotCi

DotCi 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted commit notifications to the /githook/...

8.8CVSS5.3AI score0.00587EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•9 views

Missing permission check in extreme-feedback

extreme-feedback 1.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. As of publication of this...

5.4CVSS5.6AI score0.00461EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Lack of authentication mechanism in DotCi webhook

DotCi provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository. In DotCi 2.40.00 and earlier, this endpoint can be accessed without authentication. This allows unauthenticated attackers to trigger builds of jobs corresponding to the...

9.8CVSS8.2AI score0.00879EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

CSRF vulnerability and missing permission check in scm-httpclient allow capturing credentials

scm-httpclient 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS6.9AI score0.00551EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Missing permission checks in CONS3RT allow enumerating credentials IDs

CONS3RT 1.0.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. ...

4.3CVSS5.1AI score0.00544EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

Stored XSS vulnerability in anchore-container-scanner

anchore-container-scanner 1.0.24 and earlier does not escape content provided by the Anchore engine API. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control API responses by Anchore engine. anchore-container-scanner 1.0.25 escapes content...

8CVSS5.3AI score0.00602EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•8 views

XXE vulnerability in compuware-common-configuration

compuware-common-configuration 1.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to change the contents of the Topaz Workbench CLI home directory on agents to have Jenkins parse a crafted file that uses external entities fo...

9.8CVSS8.4AI score0.00787EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•12 views

Missing permission check in build-publisher

build-publisher 1.22 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins...

4.3CVSS5AI score0.00516EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•5 views

Missing permission checks in rundeck

rundeck 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints. This allows attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled. As of publication of this...

4.3CVSS5AI score0.00516EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•5 views

XSS vulnerability

Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control tooltips for this component. NOTE: As of...

8CVSS6.1AI score0.0089EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

CSRF vulnerability and missing permission check in cavisson-ns-nd-integration

cavisson-ns-nd-integration 4.8.0.129 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified username and password. Additionally, this form...

8.8CVSS7.8AI score0.00827EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•9 views

Agent-to-controller security bypass in wildfly-deployer allows reading arbitrary files

wildfly-deployer 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. NOTE: This vulnerability is...

6.5CVSS5.8AI score0.00578EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

CSRF vulnerability in security-inspector

security-inspector 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users a...

8.8CVSS7.8AI score0.00372EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•9 views

RCE vulnerability in DotCi

DotCi 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by attackers able to modify .ci.yml files in SCM. As of publication of this advisory, there is no fix. Learn why we...

9.8CVSS9.2AI score0.0136EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•7 views

Missing hostname validation in view26

view26 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. As of publication of this advisory, there is no fix. Learn why we announce this...

8.1CVSS7.6AI score0.00539EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•8 views

CSRF vulnerability and missing permission check in ws-execution-manager allow capturing credentials

ws-execution-manager 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

8.8CVSS6.9AI score0.00612EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•6 views

API key stored in plain text by bigpanda-jenkins

bigpanda-jenkins 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file BigpandaGlobalNotifier.xml on the Jenkins controller as part of its configuration. This API key can be viewed by users with access to the Jenkins controller file system. Additionally, the...

5.3CVSS5.1AI score0.0042EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in CONS3RT allow capturing credentials

CONS3RT 1.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials...

8.8CVSS6.9AI score0.00676EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/21 12:0 a.m.•8 views

API token stored in plain text by CONS3RT

CONS3RT 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller as part of its configuration. This API token can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix. Learn why we...

6.5CVSS6.4AI score0.00676EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/09/09 12:0 a.m.•6 views

HTTP/2 denial of service vulnerability in bundled Jetty

Jenkins bundles Winstone-Jetty, a wrapper around Jetty, to act as HTTP and servlet server when started using java -jar jenkins.war. This is how Jenkins is run when using any of the installers or packages, but not when run using servlet containers such as Tomcat. Jenkins LTS 2.346.3 and earlier,...

7.5CVSS6.5AI score0.0227EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/08/23 12:0 a.m.•11 views

Improper masking of credentials in git

git 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding. Usernames are masked instead of passwords in cases when usernames are not set to be treated as secret. git...

6.5CVSS6.3AI score0.00781EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/08/23 12:0 a.m.•8 views

RCE vulnerability in Kubernetes Continuous Deploy

Kubernetes Continuous Deploy 2.3.1 and earlier bundles a version of Kubernetes Java Client library with the vulnerability https://vulners.com/cve/CVE-2021-25738CVE-2021-25738 that does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code...

8.8CVSS7.9AI score0.00458EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/08/23 12:0 a.m.•14 views

RabbitMQ password stored in plain text by collabnet

collabnet 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file hudson.plugins.collabnet.share.TeamForgeShare.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/08/23 12:0 a.m.•8 views

Stored XSS vulnerability in jobConfigHistory

jobConfigHistory 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names. jobConfigHistory 1166.vc9f255f45b8a escapes the job name on...

8CVSS5.4AI score0.0059EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•6 views

Missing hostname verification in git-client

git-client 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH. This lack of verification could be abused using a man-in-the-middle attack to intercept these connections. git-client 3.11.1 provides strategies for performing host key verificati...

8.1CVSS6.5AI score0.00783EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•6 views

Missing permission checks in compuware-topaz-utilities

compuware-topaz-utilities 1.0.8 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs can be...

4.3CVSS5AI score0.00569EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•6 views

Missing permission checks in compuware-xpediter-code-coverage

compuware-xpediter-code-coverage 1.0.7 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins. Those credentials IDs...

4.3CVSS5AI score0.00569EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•6 views

Agent-to-controller security bypass in compuware-zadviser-api

compuware-zadviser-api defines a controller/agent message that retrieves Java system properties. compuware-zadviser-api 1.0.3 and earlier does not restrict execution of the controller/agent message to agents. This allows attackers able to control agent processes to retrieve Java system properties...

8.2CVSS7.9AI score0.00832EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2022/07/27 12:0 a.m.•6 views

Missing permission checks in repository-connector allow enumerating credentials IDs

repository-connector 2.2.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS5AI score0.00581EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464