
トピトピニュース

Archive

Month: May 2022

251 Posts

Featured

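Posted by Byakuya Biz Books
Why the Singapore-born coffee chain "Flash Coffee" expanded to 250 stores in two years
Posted by Google Japan Blog
Personal Information Awareness Week: Tips for keeping passwords and online accounts secure
Posted by ねっと特報
The reality of wiper attacks and digital information manipulation as seen in the war in Ukraine
Posted by Funglr Games (Japanese)
"Ace Combat" and "Top Gun: Maverick" in a dream collaboration! Maverick-skin "F-14A Tomcat" and "F/A-18E Super Hornet" appear!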

[org.jenkins-ci.main:jenkins-core] Infinite Loop in Jenkins Core

  • Posted in MODERATE
  • Posted by GitHub
  • 05/13/2022, 11/02/2022

Cron expression form validation could enter an infinite loop, potentially resulting in denial of service. The form validation for cron expressions (e.g. “Poll SCM”, “Build periodically”) could enter infinite loops when cron expressions only matching cer…

[org.apache.guacamole:guacamole-common] Missing Encryption of Sensitive Data in Apache Guacamole

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022, 11/04/2022

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user’s session token. This cookie lacked the “secure” flag, which could allow an attacker eavesdropping on the network to intercept the user’s session token if unencrypted HT…

[org.apache.jmeter:ApacheJMeter] Missing certificate validation in Apache JMeter

  • Posted in CRITICAL
  • Posted by GitHub
  • 05/13/2022, 11/05/2022

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x use an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
References

https://nvd.nist.gov/vuln/detail/CVE-2018-1297
…

[org.apache.jmeter:ApacheJMeter] Missing certificate validation in Apache JMeter

  • Posted in CRITICAL
  • Posted by GitHub
  • 05/13/2022, 11/05/2022

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), the JMeter server binds the RMI Registry to the wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Dist…

[org.grails.plugins:asset-pipeline] Asset Pipeline Grails Plugin vulnerable to Path Traversal

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022, 11/23/2022

Asset Pipeline Grails Plugin (asset-pipeline plugin) versions prior to 2.14.1.1, 2.15.1 and 3.0.6 contain an Incorrect Access Control vulnerability in applications deployed in Jetty that can result in the download of .class files and any arbitrary file. This att…

[io.jenkins:configuration-as-code] Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022, 11/09/2022

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to…

[com.amazonaws:aws-codepipeline] Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022, 11/08/2022

Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local …

[com.amazonaws:aws-codebuild] Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin

  • Posted in HIGH
  • Posted by GitHub
  • 05/13/2022, 11/08/2022

Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appears to be exploitab…

[com.synopsys.jenkinsci:ownership] Improper authorization in Jenkins Job and Node Ownership Plugin

  • Posted in MODERATE
  • Posted by GitHub
  • 05/13/2022, 11/04/2022

An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allows an attacker with Job/Configure or Computer/Con…

[org.apache.geode:geode-core] Apache Geode vulnerable to Exposure of Sensitive Information

  • Posted in MODERATE
  • Posted by GitHub
  • 05/13/2022, 11/08/2022

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In add…
