Category: MODERATE (588 posts)

[org.jenkins-ci.plugins:gatling] XSS vulnerability in Jenkins Gatling Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/21/2022

Gatling Plugin 1.2.7 and earlier serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625.3. This results in a cross-site scripting (XSS) vulnerability exploitable by users able to ch…

[br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin] Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/21/2022

AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output.
This results in a reflected cross-site scripting (XSS) vulnerability.
AWSEB Deployment Plugin 0.3.20 escapes the values printed as part…

[org.jenkins-ci.plugins:queue-cleanup] Reflected XSS vulnerability in Jenkins Queue cleanup Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

A form validation HTTP endpoint in Queue cleanup Plugin 1.3 and earlier does not escape a query parameter displayed in an error message. This results in a reflected cross-site scripting vulnerability (XSS).
Queue cleanup Plugin 1.4 correctly escapes th…

[org.jenkins-ci.plugins:rapiddeploy-jenkins] Stored XSS vulnerability in Jenkins RapidDeploy Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/22/2022

RapidDeploy Plugin 4.2 and earlier does not escape package names in its displayed table of packages obtained from a remote server. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure jobs.
RapidDeplo…

[org.jvnet.hudson.plugins:svn-release-mgr] Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/07/2023

Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site s…

[fr.edf.jenkins.plugins:mac] Missing permission checks in Mac Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-…

[fr.edf.jenkins.plugins:mac] Missing SSH host key validation in Mac Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

Mac Plugin 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents.
Mac Plu…

[fr.edf.jenkins.plugins:mac] CSRF vulnerability in Mac Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/14/2023

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2147
https://…

[org.jenkins-ci.plugins:p4] Missing permission checks in Jenkins P4 Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/22/2023

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds or add labels in the Perforce repository.
P4 Plugin 1.10.11 requires appropriate user permissions for the affected HTTP endpoints…

[org.jenkins-ci.plugins:timestamper] Stored XSS vulnerability in Jenkins Timestamper Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 01/06/2023

Timestamper Plugin 1.11.1 and earlier does not escape or sanitize the HTML formatting used to display the timestamps in console output for builds.
This results in a stored cross-site scripting vulnerability that can be exploited by users with Overall/A…
