Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund’s Red Team lab. This is an issue from that penetration test.
Vulnerability ID: OTF-005
Vulnerabi…
お持ちのデバイス同士でファイルを共有したいと思ったことはありませんか?Appleのエコシステムを利用…
2021年10月26日(火)よりサービスが開始した「Nintendo Switch Online +…
HTC(宏達国際電子股份有限公司)は、スマートフォンからVRヘッドセットまで手掛ける台湾を拠点とする…
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Users are advised to migrate from log4j:log4j to org.apache.logging…
iPhone 13で、AppleはiPhoneのノッチを小さくしました。存在感はありますが、より小さ…
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether …
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-23105
https://www.jenki…
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
References
https://nvd.nist.gov/vuln/deta…
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2310…
