TechMedia

Category: MODERATE (588 Posts)

Featured

Posted by Wpmaster
[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[Microsoft.NETCore.App.Runtime.linux-musl-x64] Denial of service in .NET core

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 11/02/2022

.NET Core and Visual Studio Denial of Service Vulnerability, due to a vulnerability that exists when creating an HTTPS web request during X509 certificate chain building.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-1721
https://portal.msrc.micro…

[org.jenkins-ci.main:jenkins-core] Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Due to a time-of-check to time-of-use (TOCTOU) race condition, the file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.275 and LTS 2.263.2….

[org.jenkins-ci.main:jenkins-core] Excessive memory allocation in graph URLs leads to denial of service in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit the graph size provided as query paramet…

[org.jenkins-ci.main:jenkins-core] Arbitrary file existence check in file fingerprints in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

Jenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provides a REST API to check where a given fingerprint was used by which builds. This endpoint does not…

[org.jenkins-ci.main:jenkins-core] Arbitrary file read vulnerability in workspace browsers in Jenkins

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/14/2022

The file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ follows symbolic links to locations outside the directory being browsed in Jenkins 2.274 and earlier, LTS 2.263.1 and earlier.
This allows attackers with Job/Workspace …

[io.jenkins.plugins:chaos-monkey] Missing permission checks in Jenkins Chaos Monkey Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/24/2022

Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints.
This allows attackers with Overall/Read permission to generate load and to generate memory leaks.
Chaos Monkey Plugin 0.4 requires Overall/Administer perm…

[io.jenkins.plugins:chaos-monkey] Missing permission checks in Jenkins Chaos Monkey Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/17/2022

Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint.
This allows attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
Chaos Monkey Plugin 0.4.1 requires Overall…

[org.jenkins-ci.plugins:mailcommander] Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller fi…

[io.jenkins.plugins:aws-global-configuration] Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

AWS Global Configuration Plugin 1.5 and earlier does not perform a permission check in an HTTP endpoint processing form submissions.
This allows attackers with Overall/Read permission to replace the global AWS configuration.
AWS Global Configuration Pl…

[org.jenkins-ci.plugins:ansible] Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

Ansible Plugin 1.0 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an…
