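On November 16, NASA, as the first step of the Artemis program, which will carry out crewed lunar exploration for the first time since the Apollo program, Artemi…
Is a defense tax hike or a defense tax payment the only option? A "mental exercise" for strengthening national defense while holding down the burden on citizens
Over three days starting on the 11th of this month, the Yomiuri Shimbun ran a series titled "Perspectives on Defense: Proposals," exploring ways out for a national security policy that faces a turning point. The "Perspectives on Defense" series, led by the political desk, has been published regularly since September of this year, and enemy base strike capability and the declining defense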
[rdiffweb] Rdiffweb vulnerable to Missing Authentication for Critical Function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4018
https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
https://…
Sharing suggestions in Google Drive make collaborating easier
What’s changing: Starting today, we’re making it easier to share files with the people you typically share with in Google Drive. With this feature, suggested recipients will appear in the sharing dialog to speed up collaboration across your organization….
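iFixit praises the Surface Pro 9's repairability; MS also plans to make repair parts generally available
Microsoft's (hereinafter "MS") Surface series once had a reputation for being difficult to repair…
The best songs born in 1972: ranking 67 classics made 50 years ago
What is there to say about the songs released in 1972? In this period, the world's top musicians…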
[io.loader:loaderio-jenkins-plugin] Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
loader.io Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capt…
[org.jenkins-ci.plugins:delete-log-plugin] Missing permission check in Jenkins Delete log Plugin
A missing permission check in Jenkins Delete log Plugin 1.0 and earlier allows attackers with Item/Read permission to delete build logs. As of publication of this advisory, there is no fix.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45394
ht…
[org.jenkins-ci.main:associated-files-plugin] Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Currently, there are no known workaroun…
[org.jenkins-ci.plugins:bart] Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Currently, there are no known workarounds or patches available…