By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the w…
[Microsoft.AspNetCore.SpaServices] Elevation of privilege in ASP.NET Core
An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka ‘ASP.NET Core Elevation Of Privilege Vulnerability’.
References
https://nvd.ni…
[org.apache.solr:solr-core] Apache Solr vulnerable to XML Bomb
Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses t…
[com.github.kevinsawicki:http-request] Missing certificate validation
OSS Http Request (kevinsawicki/http-request) is missing SSL/TLS certificate validation. The impact is: certificate spoofing. The component is: use of this library for HTTPS communication. The attack vector is: certificate spoofing.
References
https://nv…
[org.jenkins-ci.plugins:gitea] Improper handling of untrusted branches in Gitea Jenkins Plugin
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
References
https://nvd.nist.gov/vu…
[org.jenkins-ci.plugins:influxdb] Plaintext password storage in Jenkins InfluxDB Plugin
Jenkins InfluxDB Plugin prior to 1.22 stored credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-1…
[org.jenkins-ci.plugins:pipeline-maven] XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory’s content on the agent running the Maven build to have Jenkins parse a maliciously craft…
[Microsoft.ChakraCore] Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption
Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product.
References
https://…
[org.jenkins-ci.main:jenkins-core] Improper Authorization in Jenkins
When creating temporary files, agent-to-controller access to create those files is only checked after they’ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-21693
https://www.je…
[org.jenkins-ci.main:jenkins-core] Missing Authorization in Jenkins
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-21689
https://www.jenkins.io/security/advisory/202…