Tag

#aws

CVE-2020-12692: security - [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

CVE-2020-2173: Jenkins Security Advisory 2020-04-07

Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.

CVE-2020-2163: Jenkins Security Advisory 2020-03-25

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.

CVE-2020-2169: Jenkins Security Advisory 2020-03-25

A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.

CVE-2020-2170: Jenkins Security Advisory 2020-03-25

Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.

CVE-2020-2096: Jenkins Security Advisory 2020-01-15

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

CVE-2020-2094: Jenkins Security Advisory 2020-01-15

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

CVE-2020-2091: Jenkins Security Advisory 2020-01-15

A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.

CVE-2017-18539: WebLibrarian

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.