Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-36881: Jenkins Security Advisory 2022-07-27

Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#google#git#java#auth#ssh#rpm#maven
CVE-2022-36905: Jenkins Security Advisory 2022-07-27

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-36921: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2022-36887: Jenkins Security Advisory 2022-07-27

A cross-site request forgery (CSRF) vulnerability in Jenkins Job Configuration History Plugin 1155.v28a_46a_cc06a_5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations.

CVE-2022-36914: Jenkins Security Advisory 2022-07-27

Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

CVE-2022-36897: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

CVE-2022-24406: Full Disclosure: Open-Xchange Security Advisory 2022-07-21

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

CVE-2022-34549: CWE-434: Unrestricted Upload of File with Dangerous Type (4.8)

Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file.

CVE-2022-34550: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') · Issue #8 · rawchen/sims

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter.

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite

Security release also includes precautionary patches for potential Log4j-like flaw in Logback library