🕴 3 Critical Software Development Security Trends and Best Practices 🕴
📖 Read
via "Dark Reading".
Organizations should focus on proactive, development-based approaches to security.📖 Read
via "Dark Reading".
Dark Reading
3 Critical Software Development Security Trends and Best Practices
Organizations should focus on proactive, development-based approaches to security.
❌ Chrome Zero-Day Under Active Attack: Patch ASAP ❌
📖 Read
via "Threat Post".
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.📖 Read
via "Threat Post".
Threat Post
Chrome Zero-Day Under Active Attack: Patch ASAP
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.
🕴 The Unsettling Reason Why Your Help Desk May Be Your Greatest Security Vulnerability 🕴
📖 Read
via "Dark Reading".
A rogue help-desk employee could gain access to user accounts through unauthorized password resets. It's time to bring zero trust to the help desk.📖 Read
via "Dark Reading".
Dark Reading
The Unsettling Reason Why Your Help Desk May Be Your Greatest Security Vulnerability
A rogue help-desk employee could gain access to user accounts through unauthorized password resets. It's time to bring zero trust to the help desk.
‼ CVE-2022-25200 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25195 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22770 ‼
📖 Read
via "National Vulnerability Database".
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25208 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25191 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25210 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25197 ‼
📖 Read
via "National Vulnerability Database".
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25196 ‼
📖 Read
via "National Vulnerability Database".
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25178 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25198 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25187 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25211 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25179 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25205 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25212 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25183 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25206 ‼
📖 Read
via "National Vulnerability Database".
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25181 ‼
📖 Read
via "National Vulnerability Database".
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.📖 Read
via "National Vulnerability Database".