βΌ CVE-2022-1955 βΌ
π Read
via "National Vulnerability Database".
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.π Read
via "National Vulnerability Database".
π What is Data Security? π
π Read
via "".
What is data security, why does it matter, and what are the best ways to address data security?π Read
via "".
βΌ CVE-2022-34794 βΌ
π Read
via "National Vulnerability Database".
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-33312 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34790 βΌ
π Read
via "National Vulnerability Database".
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2197 βΌ
π Read
via "National Vulnerability Database".
By using a specific credential string, an attacker with network access to the deviceΓ’β¬β’s web interface could circumvent the authentication scheme and perform administrative operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34785 βΌ
π Read
via "National Vulnerability Database".
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34783 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34786 βΌ
π Read
via "National Vulnerability Database".
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34799 βΌ
π Read
via "National Vulnerability Database".
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34777 βΌ
π Read
via "National Vulnerability Database".
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34779 βΌ
π Read
via "National Vulnerability Database".
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34780 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34795 βΌ
π Read
via "National Vulnerability Database".
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33327 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34804 βΌ
π Read
via "National Vulnerability Database".
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34788 βΌ
π Read
via "National Vulnerability Database".
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33328 βΌ
π Read
via "National Vulnerability Database".
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34791 βΌ
π Read
via "National Vulnerability Database".
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34782 βΌ
π Read
via "National Vulnerability Database".
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34784 βΌ
π Read
via "National Vulnerability Database".
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.π Read
via "National Vulnerability Database".