JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData o…
[org.jvnet.hudson.plugins:hipchat] Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. As of version 2.2.1, an enume…
[org.jvnet.hudson.plugins:hipchat] Jenkins HipChat Plugin allows credential capture due to incorrect authorization
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified…
[io.jenkins.blueocean:blueocean] Missing Authorization in Jenkins Blue Ocean Plugin
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission was sufficient.
References
https://nvd.nist.gov/vuln/d…
[org.apache.geode:geode-core] Apache Geode vulnerable to Incorrect Authorization
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be …
[org.richfaces:richfaces-core] Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via or…
[org.jenkins-ci.main:jenkins-core] Incorrect Authorization in Jenkins Core
Jenkins versions before 2.44 are vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenki…
[org.apache.struts:struts2-core] Code injection in Apache Struts
A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.
Both the s:url and s:a tags provide an includeParams attribute.
The main scope of that …
[org.apache.struts:struts2-core] Code injection in Apache Struts
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target expression. This mechanism was intended to help with attachin…
[org.apache.struts:struts2-core] Server side object manipulation in Apache Struts
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the ‘#’-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context obj…