Impact
In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guar…
[io.github.skylot:jadx-plugins-api] Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack
Impact
Using jadx-gui to open a special zip file with an entry containing an HTML sequence like <html><frame> will cause the interface to get stuck and throw exceptions like:
java.lang.RuntimeException: Can’t build aframeset, BranchElement(frameset) …
[io.projectreactor.netty:reactor-netty-http] Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
Reactor Netty HTTP Server, in versions 1.0.11 – 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests wh…
[rdiffweb] Rdiffweb is missing authentication for critical function
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3327
https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
https://hu…
[Shinken] Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Shinken Solutions Shinken Monitoring Version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring node…
[github.com/concourse/concourse] Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Impact
For some Post/Put Concourse endpoints containing :team_name in the URL, a Concourse user can send a request with a body including :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team. The user onl…
[OctoPrint] OctoPrint vulnerable to Special Element Injection
OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3607
https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
https://huntr.dev/bounties/2d1db3c9-9…
[thorsten/phpmyfaq] phpMyFAQ vulnerable to Cross-site Scripting
phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36…
[org.jenkins-ci.plugins:gitlab-plugin] Jenkins GitLab Plugin potentially allows attackers to use statistical methods to obtain valid webhook token
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook tokens are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. Gi…
[com.compuware.jenkins:compuware-topaz-for-total-test] Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from …