Source: ghsa

GHSA-w4v5-54p8-m4j5: Missing permission checks in Jenkins GitHub Pull Request Builder Plugin

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

GHSA-mj62-m63x-mh84: Open redirect vulnerability in Jenkins OpenID Plugin

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

GHSA-f976-24hc-mjvr: Session fixation vulnerability in Jenkins OpenID Plugin

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.

GHSA-g5mj-c26g-vmpm: XML Entity Expansion in Jenkins TestComplete support Plugin

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

GHSA-96jv-c7m6-q43g: Cross-site request forgery vulnerability in Jenkins OpenID Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.

GHSA-g3j5-mpp2-2fqm: symfont/process typosquatting malware spoofs symfony/process

In September 2021, security researchers discovered a malicious Composer package called `symfont/process`, a typosquat targeting users of `symfony/process`. The malicious package has since been removed from Packagist.

GHSA-3w9w-9833-gcpv: Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader

### Impact

A memory overwrite bug was reported by a security researcher in the **ConvertToSinglePlane** method via the *texconv* command-line tool when given an invalid height for planar video textures such as NV12. This can be a potential security bug for any clients of the library who follow the same pattern. This issue *does not* impact use of the DDS texture loader itself, only when combined with `ConvertToSinglePlane` for converting multi-planar video formats. All other functions in the library fail immediately if given images in planar formats.

### Patches

The fix to the specific area as well as general hardening can be found in [this PR](https://github.com/microsoft/DirectXTex/pull/307) and will be included in the January 2023 or later release of DirectXTex.

### Workarounds

If your code makes use of **ConvertToSinglePlane**, you can validate that the width & height alignment requirements are met for the input image before calling the function.

GHSA-r3c9-9j5q-pwv4: magento-lts Reset Password not protected against well-timed CSRF

### Impact

The password reset form is vulnerable to CSRF between the time the reset password link is clicked and the time the user submits a new password.

### Patches

Versions 19.4.22 and 20.0.19 contain patches.

### Workarounds

None

### References

See https://hackerone.com/reports/1086752

GHSA-q9hr-j4rf-8fjc: JWT audience claim is not verified

### Impact

All versions of Argo CD starting with v1.8.2 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an `aud` (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD _does_ validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD _does not_ validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's `groups` claim, even though those groups were not intended to be used by Argo CD. This bug also increases the blast radius of a stolen token. If an attacker steals a valid token for a different...

GHSA-qrg7-hfx7-95c5: Command injection in Git package in Wrangler

### Impact

A command injection vulnerability was discovered in Wrangler's Git package affecting versions up to and including `v1.0.0`. Wrangler's Git package uses the underlying Git binary present in the host OS or container image to execute Git operations. Specially crafted commands can be passed to Wrangler that will change their behavior and cause confusion when executed through Git, resulting in command injection in the underlying host.

### Workarounds

A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.

### Patches

Patched versions include `v1.0.1` and later and the backported tags - `v0.7.4-security1`, `v0.8.5-security1` and `v0.8.11`.

### For more information

If you have any questions or comments about this advisory:

* Reach out to [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related...