TechMedia

Category: MODERATE (588 posts)

Featured

  • [vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
  • [github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
  • [thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger] Cross-site request forgery in Jenkins Gerrit Trigger Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-24423
https://www.jenkins.io/se…

[org.jenkins-ci.plugins:bitbucket-oauth] Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker’s account.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-24428
https://www.jenk…

[org.jenkins-ci.plugins:ghprb] Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs

Posted in MODERATE by Wpmaster on 01/27/2023

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[org.jvnet.hudson.plugins:pwauth] Path traversal vulnerability in Jenkins PWauth Security Realm Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenk…

[org.jvnet.hudson.plugins:mstest] XML external entity vulnerability on agents in Jenkins MSTest Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-24441
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2292
https…
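The MSTest entry above is the classic XXE shape: a plugin parses a test report (.trx files, which are XML) with a default JAXP parser, so a DOCTYPE in the report can declare an external entity and have the parser read files wherever the parse runs; for MSTest that is the agent, so the agent's files are what leak. The following is an added illustration, not the MSTest plugin's code. The cut-down TRX document is constructed for the demo, the entity target path is arbitrary, and it assumes the JDK's built-in JAXP parser (on an old standalone Xerces the two ACCESS_EXTERNAL_* attributes can throw IllegalArgumentException and would need to be caught).

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class TrxXxeDemo {

    // Constructed sample: a cut-down .trx report whose DOCTYPE declares an external
    // entity and then references it from an attribute a result reader would use.
    static final String POISONED_TRX =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE TestRun [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
            + "<TestRun><Results><UnitTestResult testName=\"t1\" outcome=\"&xxe;\"/>"
            + "</Results></TestRun>";

    // Default factory: DOCTYPE allowed, external entities resolved. A report parsed
    // with this on an agent copies that agent's files into the parsed values.
    static DocumentBuilder defaultBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened factory: refuse DOCTYPE outright (that alone stops classic XXE and
    // entity-expansion DoS), and set the remaining switches in case a different
    // parser implementation on the classpath ignores the first feature.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f.newDocumentBuilder();
    }

    // What a result-reading plugin does: read the outcome attribute of the first test.
    static String firstOutcome(DocumentBuilder b, String xml) throws Exception {
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getElementsByTagName("UnitTestResult").item(0)
                .getAttributes().getNamedItem("outcome").getNodeValue();
    }

    public static void main(String[] args) throws Exception {
        try {
            // With the default parser the "outcome" is the content of /etc/hostname
            // on the machine that parsed the file, not a test result.
            System.out.println("default parser: outcome=" + firstOutcome(defaultBuilder(), POISONED_TRX));
        } catch (Exception e) {
            System.out.println("default parser: " + e); // file absent: it still tried to read it
        }
        try {
            firstOutcome(hardenedBuilder(), POISONED_TRX);
        } catch (SAXParseException e) {
            System.out.println("hardened parser refused the document: " + e.getMessage());
        }
    }
}
```

The check to run against a plugin is simple: find every DocumentBuilderFactory, SAXParserFactory or XMLInputFactory it creates and confirm the DOCTYPE feature is set before newDocumentBuilder(); Jenkins core also ships jenkins.util.xml.XMLUtils with a pre-hardened parse(), which is the path plugin authors are steered to. Remember that "on agents" means the file read happens with the agent's filesystem view, so the exposure is the agent's secrets, not only the controller's.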

[org.jenkins-ci.plugins:rabbitmq-consumer] Missing permission check in Jenkins RabbitMQ Consumer Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
References

https://nvd.nist.go…

[org.jenkins-ci.plugins:ghprb] Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

Posted in MODERATE by Wpmaster on 01/27/2023

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, …

[io.jenkins.plugins:macstadium-orka] Missing permission checks in Jenkins Orka Plugin allow capturing credentials

Posted in MODERATE by Wpmaster on 01/27/2023

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, captu…

[io.jenkins.plugins:macstadium-orka] CSRF vulnerability in Jenkins Orka Plugin allows capturing credentials

Posted in MODERATE by Wpmaster on 01/27/2023

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing…

[io.jenkins.plugins:macstadium-orka] Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs

Posted in MODERATE by Wpmaster on 01/27/2023

A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-24431
ht…
