TechMedia

Archive

Month: May 2022

376 Posts

Featured

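Posted by Wpmaster
The reality of wiper attacks and digital information manipulation as seen in the war in Ukraine
Posted by Wpmaster
"Ace Combat" and "Top Gun: Maverick" in a dream collaboration! The Maverick-skin "F-14A Tomcat" and "F/A-18E Super Hornet" make their appearance!
Posted by Wpmaster
Yukihiro Takahashi marks the 50th anniversary of his solo career! Details announced for the live recordings included in "T.E.N.T Years Vinyl Box"!
Posted by Wpmaster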
[camaleon_cms] Camaleon CMS Stored Cross-site Scripting vulnerability

[org.jvnet.hudson.plugins:warnings] CSRF vulnerability in Jenkins warnings Plugin allows remote code execution

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022 12/20/2022

warnings Plugin 5.0.1 and earlier does not require POST requests for a form validation method intended for testing custom warnings parsers, resulting in a cross-site request forgery (CSRF) vulnerability.
This vulnerability allows attackers to execute a…

[org.jenkins-ci.plugins:elastest] Passwords stored in plain text by ElasTest Plugin

  • Posted in LOW
  • Posted by Wpmaster
  • 05/25/2022 01/05/2023

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References

https://nvd.nist….

[org.jenkins-ci.plugins:elastest] Missing permission checks in ElasTest Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-22…

[org.jenkins-ci.plugins:elastest] CSRF vulnerability in ElasTest Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2273
htt…

[org.jvnet.hudson.plugins:copy-data-to-workspace-plugin] Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller.
Refe…

[org.jvnet.hudson.plugins:storable-configs-plugin] Arbitrary file write vulnerability in Storable Configs Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s content.
References…

[org.jvnet.hudson.plugins:storable-configs-plugin] Arbitrary file read vulnerability in Storable Configs Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2277
https://www.jenkins.io/security/advisory/2020-09-16/#SEC…

[org.jvnet.hudson.plugins:selection-tasks-plugin] System command execution vulnerability in Selection tasks Jenkins Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkin…

[io.jenkins.plugins:perfecto] OS command execution vulnerability in Perfecto Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Perfecto Plugin allows specifying Perfecto Connect Path and Perfecto Connect File Name in job configurations.
This command is executed on the Jenkins controller in Perfecto Plugin 1.17 and earlier, allowing attackers with Job/Configure permission to ru…

[io.jenkins.plugins:perfecto] Missing permission check in Perfecto Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022 12/29/2022

Perfecto Plugin 1.17 and earlier does not perform a permission check in a method implementing a connection test.
This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified username and passw…
