TechMedia

Category: MODERATE (588 Posts)

Featured

Posted by Wpmaster
[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[google-protobuf] protobuf-java has a potential Denial of Service issue

  • Posted in MODERATE
  • Posted by Wpmaster
  • 10/05/2022, 10/20/2022

Summary
A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown f…

[jodit] Jodit Editor vulnerable to Cross-site Scripting

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/25/2022, 12/29/2022

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workaroun…

[com.groupon.jenkins-ci.plugins:DotCi] Lack of authentication mechanism in Jenkins DotCi Plugin webhook

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/07/2022

DotCi Plugin provides a webhook endpoint at /githook/ that can be used to trigger builds of the job for a GitHub repository.
In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication.
This allows unauthenticated attacker…

[org.jenkins-ci.plugins:build-publisher] Missing permission check in Jenkins build-publisher Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/06/2022

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as …

[org.jenkins-ci.plugins:ws-execution-manager] CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/07/2022

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified c…

[org.jenkins-ci.plugins:ws-execution-manager] CSRF vulnerability and mM

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/12/2022

Worksoft Execution Manager Plugin 10.0.3.503 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified c…

[org.jenkins-ci.plugins:build-publisher] Path traversal in Jenkins build-publisher Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/06/2022

Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. Additionally, this endpo…

[io.jenkins.plugins:cavisson-ns-nd-integration] Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/06/2022

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers…

[org.jenkins-ci.plugins:rundeck] Jenkins Rundeck Plugin Missing Authorization vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/07/2022

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifact…

[org.jenkins-ci.plugins:rundeck] Missing webhook endpoint authorization in Jenkins Rundeck Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 09/22/2022, 12/09/2022

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
References

https://nvd.nist.gov/…
