Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permissio…
[org.jenkins-ci.plugins:release-helper] CSRF vulnerability in Jenkins Release Helper Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-27…
[org.jenkins-ci.plugins:dbCharts] Passwords stored in plain text by Jenkins dbCharts Plugin
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller as part of its configuration.
These passwords can be viewed b…
[io.jenkins.plugins:environment-dashboard] Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/C…
[com.incapptic.plugins:incapptic-connect-uploader] Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Ref…
[org.jenkins-ci.plugins:release-helper] Missing permission checks in Jenkins Release Helper Plugin
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2…
A perfect match for the PS5! Reviewing the next-generation closed-back gaming headset "Arctis 7P+ Wireless"
When you play games, the PC you use matters, of course, but the audio side is important too. Game…
[org.postgresql:postgresql] Path traversal in org.postgresql:postgresql
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that …
The "Razer Thunderbolt 4 Cable" gaming cable arrives, delivering ultra-high-speed data transfer of up to 40Gbps!
Building an ideal gaming environment requires gaming devices with at least a certain level of performance. …
Google to acquire cybersecurity firm Mandiant
Google has announced its intention to acquire the cybersecurity firm Mandiant. Mand…