An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. As of version 2.2.1, an enume…
[org.apache.geode:geode-core] Apache Geode vulnerable to Incorrect Authorization
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be …
[io.jenkins.blueocean:blueocean] Missing Authorization in Jenkins Blue Ocean Plugin
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.
References
https://nvd.nist.gov/vuln/d…
[org.richfaces:richfaces-core] Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via or…
[org.jenkins-ci.main:jenkins-core] Incorrect Authorization in Jenkins Core
Jenkins before versions before 2.44 are vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenki…
[org.apache.struts:struts2-core] Code injection in Apache Struts
A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.
both the s:url and s:a tag provide an includeParams attribute.
The main scope of that …
[org.apache.struts:struts2-core] Server side object manipulation in Apache Struts
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the ‘#’-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context obj…
[org.apache.struts:struts2-core] Code injection in Apache Struts
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target expression. This mechanism was intended to help with attachin…
[oauthenticator] JupyterHub OAuthenticator elevation of privilege
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in…
[org.apache.activemq:activemq-openwire-generator] ActiveMQ’s OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-15709
https://lists.apa…