GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

GHSA-v7vm-rhmg-8j2r: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to access other users' "My Views". Attackers with global View/Configure and View/Delete permissions are also able to change other users' "My Views".

Jenkins 2.471, LTS 2.452.4, LTS 2.462.1 restricts access to a user’s "My Views" to the owning user and administrators.

**Jenkins does not perform a permission check in an HTTP endpoint**

Moderate severity GitHub Reviewed Published Aug 7, 2024 to the GitHub Advisory Database • Updated Aug 7, 2024

Headline

GHSA-8pv9-qh96-9hc6: Jenkins does not perform a permission check in an HTTP endpoint

ghsa: Latest News