トピトピニュース

ロシアが世界のエネルギー施設を狙い撃ち?!　アメリカで起訴された4被告の顔ぶれ

Posted inUncategorized
Posted byねっと特報
03/27/2022

米司法当局が4人のロシア政府関係者の起訴を明らかにした。4人は世界のエネルギー部門を標的としたサイバ…

死んで錯誤するという試み、胸を打つ物語、“誰でも楽しめる高難易度アクション”とは？「FFオリジン」クリア後プレイレビュー

Posted inUncategorized
Posted byGamer
03/23/2022

スクウェア・エニックスから2022年3月18日に発売されたPS5/PS4/Xbox Series X…

[poetry] Poetry before v1.1.9 contains Untrusted Search Path

Poetry prior to v1.1.9 was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the appli…

[paramiko] Race Condition in Paramiko

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-24302
https://github.com/paramiko/par…

[SinGooCMS.Utility] Deserialization of Untrusted Data in SinGooCMS.Utility

This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restri…

亡くなった子ども18人のうち6人は「防げる可能性あった」　香川県のチャイルド・デス・レビュー結果まとまる

Posted inUncategorized
Posted byKSBニュース
03/17/2022

事故や事件などによる子どもの死亡を防ぐため、過去の事例を専門家が検証することを「チャイルド・デス・レ…

[org.jenkins-ci.plugins:list-git-branches-parameter] Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin

Posted inHIGH
Posted byGitHub
03/16/202212/01/2022

Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permissio…

[org.jenkins-ci.plugins:release-helper] CSRF vulnerability in Jenkins Release Helper Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-27…

[org.jenkins-ci.plugins:dbCharts] Passwords stored in plain text by Jenkins dbCharts Plugin

Posted inLOW
Posted byGitHub
03/16/202212/01/2022

Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file hudson.plugins.dbcharts.DbChartPublisher.xml on the Jenkins controller as part of its configuration.
These passwords can be viewed b…

[io.jenkins.plugins:environment-dashboard] Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin

Posted inHIGH
Posted byGitHub
03/16/202212/01/2022

Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/C…