Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-43430
https://www.jenkins.io/security/advisory/2022-10…
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify input step IDs resulting …
Markdownify version 1.4.1 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Markdownify. This is possible because the application has the “nodeIntegration” option enabled. …
Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec….
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and …
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar an…
When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable th…
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerabilit…
TL;DR
This vulnerability affects all Kirby sites with user accounts (unless Kirby’s API and Panel are disabled in the config). It can only be exploited for targeted attacks because the attack does not scale to brute force.
Introduction
User enumeratio…
TL;DR
This vulnerability only affects you if you are using the code or password-reset auth method with the auth.methods option. It can only be successfully exploited under server configuration conditions outside of the attacker’s control.
Introduction…
