Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job config.xml, build.xml, and numerou…
[code.gitea.io/gitea] Reuse of one time passwords allowed in Gitea
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[code.gitea.io/gitea] Improper Privilege Management in Gitea
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-453…
[org.hibernate:hibernate-core] SQL injection in hibernate-core
A flaw was found in hibernate-core in versions prior to 5.3.20.Final and in 5.4.0.Final up to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL co…
[org.xwiki.platform:xwiki-platform-administration-ui] Remote code execution in xwiki-platform
Impact
It’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming right…
[net.mingsoft:ms-mcms] Mingsoft MCMS vulnerable to Remote Code Execution via file upload.
Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileAction#upload, resulting in remote code execution. It is unclear if…
[io.jenkins:configuration-as-code] Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
References
https://nvd.nis…
[onionshare-cli] Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund’s Red Team lab. This is an issue from that penetration test.
Vulnerability ID: OTF-004
Vulnerabi…
[onionshare-cli] Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund’s Red Team lab. This is an issue from that penetration test.
Vulnerability ID: OTF-003
Vulnerabi…
[onionshare-cli] Path traversal in Onionshare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund’s Red Team lab. This is an issue from that penetration test.
Vulnerability ID: OTF-013
Vulnerabi…