‼ CVE-2022-25200 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25195 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22770 ‼
📖 Read
via "National Vulnerability Database".
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25208 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and earlier allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse an XML response.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25191 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25210 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25197 ‼
📖 Read
via "National Vulnerability Database".
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25196 ‼
📖 Read
via "National Vulnerability Database".
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25178 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25198 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25187 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25211 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25179 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25205 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers to connect to an attacker-specified database via JDBC using attacker-specified credentials and to determine if a class is available in the Jenkins instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25212 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25183 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25206 ‼
📖 Read
via "National Vulnerability Database".
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25181 ‼
📖 Read
via "National Vulnerability Database".
A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25201 ‼
📖 Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25209 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
🕴 Red Canary Launches Partner Program 🕴
📖 Read
via "Dark Reading".
Red Canary Partner Connect will unite a diverse ecosystem of incident response, risk and managed services partners.📖 Read
via "Dark Reading".
Dark Reading
Red Canary Launches Partner Program
Red Canary Partner Connect will unite a diverse ecosystem of incident response, risk and managed services partners.