In the “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, which allows unprivileged application users to store malicious scripts in the comments section of a post. These scripts are executed in a victim’s browser when t…
[com.xebialabs.deployit.ci:deployit-plugin] Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
XebiaLabs XL Deploy Plugin 10.0.1 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be u…
[net-ldap] net-ldap has weak salt when generating passwords
The Ruby net-ldap gem before 0.16.2 uses a weak salt when generating SSHA passwords.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-0083
https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a
https://bugzilla….
[org.jenkins-ci.plugins:subversion] Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller fil…
[camaleon_cms] Camaleon CMS vulnerable to Uncaught Exception
In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app’s media upload feature crashes permanently when an attacker with low-privileged access uploads a specially crafted .svg file.
References
https://nvd.nist….
[camaleon_cms] Camaleon CMS vulnerable to Server-Side Request Forgery
In Camaleon CMS, versions 2.1.2.0 through 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or o…
[org.jenkins-ci.main:jenkins-core] Path traversal vulnerability on Windows in Jenkins
The file browser for workspaces, archived artifacts, and userContent/ in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows.
This results in a path traversal vulnerability allowing attackers with…
[org.jenkins-ci.main:jenkins-core] Improper handling of equivalent directory names on Windows in Jenkins
Jenkins stores jobs and other entities on disk using their name shown on the UI as file and folder names.
On Windows, when specifying a file or folder with a trailing dot character (example.), the file or folder will be treated as if that character was…
[smashing] Smashing Cross-site Scripting vulnerability
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim’s computer. The JavaScript code can then steal data available in the session/cookies depending on the user enviro…
[org.jenkins-ci.main:jenkins-core] Improper permission checks allow canceling queue items and aborting builds in Jenkins
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Jenkins 2.300, LTS 2.289.2 requires that users ha…