Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split …
[github.com/free5gc/free5gc] Free5gc vulnerable to uncontrolled resource consumption
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38871
https://github.com/free5gc/free5gc/issues/198
https://github.com/advisories/GHSA-m74x-fxjh-3qh9
[org.jenkins-ci.main:config-rotator] Jenkins Config Rotator Plugin vulnerable to path traversal
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with ‘.xml’ extension on the Jenkins controller file system. Currently there i…
[org.jenkins-ci.plugins:bart] Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Currently, there are no known workarounds or patches available…
[org.jenkins-ci.main:associated-files-plugin] Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Currently, there are no known workaroun…
[org.jenkins-ci.plugins:pipeline-utility-steps] Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library.
Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefi…
[org.jenkins-ci.plugins:naginator] Cross-site Scripting in Jenkins Naginator Plugin
Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display nam…
[org.jenkins-ci.plugins:script-security] Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the approved script. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest.
Script Security Plugi…
[org.jenkins-ci.plugins:junit] Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links.
This is done in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure p…
[github.com/hashicorp/consul] Missing Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering’s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3920
https://discu…