TechMedia

Category: HIGH (385 Posts)


[org.jenkins-ci.main:jenkins-core] Cross-site Scripting vulnerability in Jenkins

  • Posted in HIGH
  • Posted by Wpmaster
  • 06/24/2022, 12/06/2022

Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for SECURITY-1955.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356, LTS 2.332…

[org.jenkins-ci.main:jenkins-core] Cross-site Scripting vulnerability in Jenkins

  • Posted in HIGH
  • Posted by Wpmaster
  • 06/24/2022, 12/06/2022

Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356 addresses this vulnerability…

[org.jenkins-ci.main:jenkins-core] Cross-site Scripting vulnerability in Jenkins

  • Posted in HIGH
  • Posted by Wpmaster
  • 06/24/2022, 12/06/2022

Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters.
This vulnerability is known to be exploitable by attackers with Job/Configure permission.
Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulner…
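
The three tooltip findings above (help icon tooltips, the build-button tooltip in list views, and symbol-based icons that unescape already-escaped parameters) share one root cause: text controlled by a user with Job/Configure permission reaches an HTML attribute without exactly one escaping pass. The Java below is an added example written for this page, not Jenkins code; `escapeHtml`, `unescapeHtml`, the three tooltip renderers and the hostile display name are all constructed for illustration. The third renderer models the regression in the symbol-icon finding: the caller escapes correctly, but the helper unescapes the value again before emitting it.

```java
public final class TooltipEscaping {
    private TooltipEscaping() {}

    // Constructed job display name, as an attacker with Job/Configure permission could set it.
    static final String HOSTILE_NAME = "build\"><img src=x onerror=alert(document.domain)>";

    /** Escape text for safe inclusion in an HTML attribute value or element body. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Inverse of escapeHtml; models a template helper that unescapes whatever it is handed. */
    static String unescapeHtml(String s) {
        // "&amp;" is handled last so that "&amp;lt;" becomes "&lt;" rather than "<".
        return s.replace("&lt;", "<").replace("&gt;", ">").replace("&quot;", "\"")
                .replace("&#39;", "'").replace("&amp;", "&");
    }

    /** Vulnerable pattern: the display name is spliced into the attribute verbatim. */
    static String buildButtonTooltipUnescaped(String displayName) {
        return "<a class=\"build-button\" tooltip=\"Schedule a build for " + displayName + "\">";
    }

    /** Fixed pattern: escape once, at the point where the value enters the HTML. */
    static String buildButtonTooltipEscaped(String displayName) {
        return "<a class=\"build-button\" tooltip=\"Schedule a build for " + escapeHtml(displayName) + "\">";
    }

    /** Regression pattern: the caller escaped correctly, but the icon helper unescapes the
     *  parameter before emitting it, which reintroduces the raw markup. */
    static String symbolIconTooltip(String alreadyEscapedTooltip) {
        return "<svg class=\"icon\" tooltip=\"" + unescapeHtml(alreadyEscapedTooltip) + "\">";
    }

    /** True if the rendered markup lets the injected value close the attribute and open a tag. */
    static boolean breaksOutOfAttribute(String html) {
        return html.contains("\"><img");
    }

    public static void main(String[] args) {
        String unsafe = buildButtonTooltipUnescaped(HOSTILE_NAME);
        String safe = buildButtonTooltipEscaped(HOSTILE_NAME);
        String regressed = symbolIconTooltip(escapeHtml(HOSTILE_NAME));
        System.out.println("verbatim concatenation  -> injectable: " + breaksOutOfAttribute(unsafe));
        System.out.println("escaped once            -> injectable: " + breaksOutOfAttribute(safe));
        System.out.println("escaped, then unescaped -> injectable: " + breaksOutOfAttribute(regressed));
        System.out.println(safe);
    }
}
```

Only the single-escape renderer keeps the injected `"><img` inside the attribute; the verbatim renderer and the escape-then-unescape chain both let it close the attribute and start a new tag. The practical rule this illustrates: a rendering helper must never undo escaping its caller applied, and a value should be escaped exactly once, at output.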

[Newtonsoft.Json] Improper Handling of Exceptional Conditions in Newtonsoft.Json

  • Posted in HIGH
  • Posted by Wpmaster
  • 06/23/2022, 01/10/2023

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with a high nesting level, which leads to a StackOverflow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial O…
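
The failure mode above is a recursive parser descending as deep as the input nests, so a few hundred kilobytes of `[` characters exhaust the stack or the CPU. Newtonsoft.Json 13.0.1 addresses this by giving the reader a default maximum nesting depth (the `MaxDepth` setting). The Java below is an added example, not Newtonsoft's code: it shows the same control as a linear, constant-memory pre-check that bounds nesting before any recursive parsing runs. `JsonDepthGuard`, `checkDepth`, the limit of 64 and the sample documents are constructed for this page.

```java
public final class JsonDepthGuard {
    private JsonDepthGuard() {}

    /** Scans a JSON text once and returns its maximum nesting depth, throwing as soon as the
     *  depth exceeds maxDepth. Brackets inside string literals are ignored, so "[[[[" in a value
     *  does not count, and escapes such as \" do not end the string early. Memory use is O(1)
     *  regardless of input size, unlike a recursive-descent parser. */
    static int checkDepth(String json, int maxDepth) {
        int depth = 0;
        int maxSeen = 0;
        boolean inString = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') {
                    i++;                        // skip the escaped character
                } else if (c == '"') {
                    inString = false;
                }
                continue;
            }
            switch (c) {
                case '"':
                    inString = true;
                    break;
                case '[':
                case '{':
                    depth++;
                    if (depth > maxDepth) {
                        throw new IllegalArgumentException(
                            "nesting depth exceeds " + maxDepth + " at offset " + i);
                    }
                    if (depth > maxSeen) {
                        maxSeen = depth;
                    }
                    break;
                case ']':
                case '}':
                    if (depth == 0) {
                        throw new IllegalArgumentException("unbalanced closing bracket at offset " + i);
                    }
                    depth--;
                    break;
                default:
                    break;
            }
        }
        if (inString || depth != 0) {
            throw new IllegalArgumentException("unterminated string or unclosed bracket");
        }
        return maxSeen;
    }

    /** Builds the classic depth-bomb payload: n opening brackets followed by n closing ones. */
    static String nestedArrays(int n) {
        StringBuilder sb = new StringBuilder(2 * n);
        for (int i = 0; i < n; i++) sb.append('[');
        for (int i = 0; i < n; i++) sb.append(']');
        return sb.toString();
    }

    public static void main(String[] args) {
        final int limit = 64;   // assumed application limit for this example
        // Constructed benign document: three levels deep; the "[[[[" inside the string is not counted.
        System.out.println("benign depth = " + checkDepth("{\"a\":[1,{\"b\":\"[[[[\"}]}", limit));
        // Constructed hostile document: 100,000 nested arrays, rejected as soon as level 65 opens.
        try {
            checkDepth(nestedArrays(100_000), limit);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run the guard on the raw bytes before handing them to the real deserializer, and keep the limit aligned with whatever depth the deserializer itself enforces; a guard that is looser than the parser gains nothing, and one that is much tighter than legitimate documents need will reject real input.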

[camaleon_cms] Camaleon CMS Insufficient Session Expiration vulnerability

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 01/25/2023

Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate a user’s active sessions, even after an admin changes that user’s password. A user who was already logged in will still have access to the application after the password was changed.
Refe…

[org.jenkins-ci.plugins:scriptler] Stored XSS vulnerability in Jenkins Scriptler Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/16/2022

Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
Scriptler…

[org.biouno:uno-choice] Stored XSS vulnerability in Jenkins Active Choices Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/16/2022

Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission…

[org.jenkins-ci.plugins:performance] XXE vulnerability in Jenkins Performance Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/16/2022

Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for…
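
The Performance Plugin finding above has the standard XXE shape: a plugin parses an XML report from the workspace with a parser that still honours DOCTYPE declarations and external entities, so whoever can write the report can make the controller read local files or make outbound requests. The Java below is an added example, not the plugin's code. It contrasts a default `DocumentBuilderFactory` with one hardened the way such a parser should be configured; the crafted report, its element names and the `/etc/passwd` target are constructed for the demonstration.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public final class ReportXmlParsing {
    private ReportXmlParsing() {}

    // Constructed "performance report" as someone who controls workspace contents could write it:
    // the DOCTYPE declares an external entity and a sample element references it.
    static final String CRAFTED_REPORT =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE testResults [\n"
      + "  <!ENTITY leak SYSTEM \"file:///etc/passwd\">\n"
      + "]>\n"
      + "<testResults><sample lb=\"login\" t=\"120\">&leak;</sample></testResults>\n";

    /** The vulnerable configuration: factory defaults, so DOCTYPE and external entities are honoured. */
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Hardened configuration. Refusing the DOCTYPE outright is the decisive setting; the
     *  remaining features are defence in depth for parser implementations that ignore it. */
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Parses the report and returns the text of the first <sample>, i.e. whatever the entity expanded to. */
    static String firstSampleText(DocumentBuilder b, String xml) throws SAXException, IOException {
        Document doc = b.parse(new InputSource(new StringReader(xml)));
        return doc.getElementsByTagName("sample").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        try {
            String text = firstSampleText(defaultBuilder(), CRAFTED_REPORT);
            System.out.println("default parser expanded the entity; " + text.length()
                + " chars of the referenced file ended up in the report");
        } catch (SAXException | IOException e) {
            // On hosts without /etc/passwd the fetch fails, but the parser still tried to read it.
            System.out.println("default parser attempted the external fetch: " + e);
        }
        try {
            firstSampleText(hardenedBuilder(), CRAFTED_REPORT);
            System.out.println("hardened parser accepted the report (should not happen)");
        } catch (SAXException e) {
            System.out.println("hardened parser rejected the report: " + e.getMessage());
        }
    }
}
```

The hardened builder fails on the DOCTYPE line before any entity is declared, which is the behaviour to aim for: a report format that never legitimately needs a DTD should not be parsed by anything that accepts one. The same feature flags apply to `SAXParserFactory` and, with the corresponding property names, to `XMLInputFactory`.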

[org.jenkins-ci.main:jenkins-core] Agent-to-controller access control allows reading/writing most content of build directories in Jenkins

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/17/2022

Agents are allowed some limited access to files on the Jenkins controller file system. The directories agents are allowed to access in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier include the directories storing build-related information, intende…

[org.jenkins-ci.main:jenkins-core] Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/17/2022

Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This directory is used by the Pipeline: Shared Groovy Libraries Plugin to store copi…
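
Both agent-to-controller findings above are path-scoping bugs: the controller honoured FilePath requests from agents for directories it should have kept to itself, and the libs/ subtree is the worst case because it holds shared-library code the controller itself will later execute. The Java below is an added example of the kind of check such scoping needs, not Jenkins' FilePath implementation. The JENKINS_HOME layout, the policy (agents own their workspace, may only read a build directory, and never touch libs/ in either direction) and the sample requests are all assumptions made for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public final class AgentPathPolicy {
    private AgentPathPolicy() {}

    enum Access { READ, WRITE }

    // Assumed controller layout for the example.
    static final Path HOME = Paths.get("/var/lib/jenkins");
    static final Path WORKSPACES = HOME.resolve("workspace");
    static final Path JOBS = HOME.resolve("jobs");

    /**
     * Decides whether an agent request should be honoured by the controller.
     * Assumed policy: agents may read and write under workspace/; inside jobs/<job>/builds/<n>/
     * they may only read, and the libs/ subtree there is denied in both directions because the
     * controller executes what it contains. Everything else under JENKINS_HOME is denied.
     */
    static boolean isAllowed(String requested, Access access) {
        // Resolve against HOME and collapse ".." before any prefix check; otherwise
        // "workspace/../jobs/..." would pass a naive startsWith on the raw string.
        Path p = HOME.resolve(requested).normalize();
        if (!p.startsWith(HOME)) {
            return false;                       // absolute path or traversal out of JENKINS_HOME
        }
        if (p.startsWith(WORKSPACES)) {
            return true;
        }
        if (p.startsWith(JOBS)) {
            Path rel = JOBS.relativize(p);      // <job>/builds/<n>/...
            boolean inBuildDir = rel.getNameCount() >= 3 && rel.getName(1).toString().equals("builds");
            if (inBuildDir) {
                boolean inLibs = rel.getNameCount() >= 4 && rel.getName(3).toString().equals("libs");
                if (inLibs) {
                    return false;
                }
                return access == Access.READ;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample requests an agent might send.
        String[][] requests = {
            { "workspace/app/target/app.jar", "WRITE" },                       // own workspace
            { "jobs/app/builds/7/log", "READ" },                                // build log, read
            { "jobs/app/builds/7/log", "WRITE" },                               // build log, write
            { "jobs/app/builds/7/libs/shared/vars/deploy.groovy", "READ" },     // libs/
            { "jobs/app/builds/7/libs/shared/vars/deploy.groovy", "WRITE" },    // libs/
            { "workspace/app/../../jobs/app/builds/7/libs/x.groovy", "WRITE" }, // traversal into libs/
            { "/etc/passwd", "READ" },                                          // outside JENKINS_HOME
        };
        for (String[] r : requests) {
            System.out.printf("%-5s %-55s -> %s%n", r[1], r[0],
                isAllowed(r[0], Access.valueOf(r[1])) ? "allow" : "deny");
        }
    }
}
```

Of the sample requests only the workspace write and the build-log read are allowed; the build-log write, both libs/ requests, the traversal that normalises into libs/, and the path outside JENKINS_HOME are denied. `normalize()` is purely lexical: for paths that already exist on disk a real implementation should also compare `toRealPath()` results, since a symlink planted inside the workspace could otherwise point into libs/ and pass this check.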
