TechMedia

Category: MODERATE (588 Posts)
Featured

[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[org.jenkins-ci.plugins:security-inspector] CSRF vulnerability in Jenkins Security Inspector plugin

Posted in MODERATE by Wpmaster, 09/22/2022 / 12/07/2022

Security Inspector Plugin 117.v6eecc36919c2 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to replace the generated report stored in a…

[org.jenkins-ci.plugins:cons3rt] Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials

Posted in MODERATE by Wpmaster, 09/22/2022 / 12/06/2022

CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obt…

[org.jenkins-ci.plugins:cons3rt] CSRF vulnerability in Jenkins CONS3RT Plugin allows capturing credentials

Posted in MODERATE by Wpmaster, 09/22/2022 / 12/06/2022

CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obt…

[org.jenkins-ci.plugins:cons3rt] Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs

Posted in MODERATE by Wpmaster, 09/22/2022 / 12/06/2022

CONS3RT Plugin 1.0.0 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to c…

[administrate] administrate vulnerable to Cross-Site Request Forgery

Posted in MODERATE by Wpmaster, 08/06/2022 / 01/27/2023

Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth authorization code.
References

https://nvd.nist.gov/vuln/detail/CVE-2016-3098
https://seclists.org/oss-sec/2016/q2/0
ht…

[net.praqma:rqm-plugin] Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check

Posted in MODERATE by Wpmaster, 07/01/2022 / 12/09/2022

Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capt…

[net.praqma:matrix-reloaded] Jenkins Matrix Reloaded Plugin vulnerable to CSRF

Posted in MODERATE by Wpmaster, 07/01/2022 / 12/09/2022

Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to rebuild previous matrix builds.
References

htt…

[com.xebialabs.ci:xlrelease-plugin] Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

Posted in MODERATE by Wpmaster, 07/01/2022 / 12/09/2022

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, c…

[com.xebialabs.ci:xlrelease-plugin] CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allows capturing credentials

Posted in MODERATE by Wpmaster, 07/01/2022 / 12/13/2022

XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified crede…

[org.jenkins-ci.main:jenkins-core] Observable timing discrepancy allows determining username validity in Jenkins

Posted in MODERATE by Wpmaster, 06/24/2022 / 12/06/2022

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the…
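The discrepancy described above arises whenever the login path does expensive work (password hashing) only after it has found the user, so unknown usernames are answered faster than known ones with a wrong password, however uniform the error message is. The following is an added illustration, not Jenkins code and not the fix Jenkins shipped: a leaky login check beside one that always performs the same hash, using the JDK's PBKDF2 and `MessageDigest.isEqual`. The `LoginTiming` class, its in-memory user map and the decoy record are invented for the example; it needs Java 16 or later for the `record`.

```java
// Added example (not Jenkins code): username-validity oracle via login timing,
// and a version that takes the same path for known and unknown usernames.
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class LoginTiming {

    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;

    /** Stored record: per-user random salt plus PBKDF2 output. */
    record StoredPassword(byte[] salt, byte[] hash) {}

    static byte[] pbkdf2(char[] password, byte[] salt) {
        try {
            KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    static StoredPassword enroll(char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new StoredPassword(salt, pbkdf2(password, salt));
    }

    private final Map<String, StoredPassword> users = new HashMap<>();
    // Decoy record (invented for the example): unknown usernames are hashed
    // against it so they pay for one PBKDF2 run, like every known username.
    private final StoredPassword decoy = enroll("decoy-password-never-accepted".toCharArray());

    void addUser(String name, char[] password) {
        users.put(name, enroll(password));
    }

    /** VULNERABLE: returns in microseconds for an unknown username and only
     *  runs the slow hash when the username exists. Response time therefore
     *  reveals which usernames are valid, whatever the error text says. */
    boolean loginLeaky(String name, char[] password) {
        StoredPassword sp = users.get(name);
        if (sp == null) {
            return false;
        }
        return MessageDigest.isEqual(sp.hash(), pbkdf2(password, sp.salt()));
    }

    /** HARDENED: always hashes (against the decoy when the user is unknown),
     *  compares in constant time, and combines the two facts without a
     *  short-circuit, so both branches do the same amount of work. */
    boolean loginConstantPath(String name, char[] password) {
        StoredPassword sp = users.get(name);
        boolean known = sp != null;
        StoredPassword target = known ? sp : decoy;
        boolean match = MessageDigest.isEqual(target.hash(), pbkdf2(password, target.salt()));
        return known & match; // non-short-circuit AND: an unknown user is still rejected
    }

    public static void main(String[] args) {
        LoginTiming lt = new LoginTiming();
        lt.addUser("alice", "correct horse".toCharArray());
        for (String who : new String[] {"alice", "nobody"}) {
            long t0 = System.nanoTime();
            boolean leaky = lt.loginLeaky(who, "wrong".toCharArray());
            long t1 = System.nanoTime();
            boolean fixed = lt.loginConstantPath(who, "wrong".toCharArray());
            long t2 = System.nanoTime();
            System.out.printf("%-7s leaky=%b in %d ms   constant-path=%b in %d ms%n",
                    who, leaky, (t1 - t0) / 1_000_000, fixed, (t2 - t1) / 1_000_000);
        }
    }
}
```

Running `main` shows the leaky check answering `nobody` almost instantly while `alice` takes the full PBKDF2 time; the constant-path check takes the same time for both. This closes the gross discrepancy only. A residual difference from the map lookup and from whichever backing store the real application consults remains, which is why the same "do the same work on both branches" reasoning has to be applied to every stage that depends on username validity, not just the hash.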
