In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially…
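The advisory above turns on how the SAX parser is configured. The following Java program is an added example, not Sling's code: it builds a parser with the JDK defaults (DOCTYPE and external entities resolved, the pattern the advisory describes) next to a hardened one, and feeds both a constructed XML string whose external entity points at a local file. Class and method names, and the sample input, are assumptions for the illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class SaxXxeDemo {

    // Constructed sample input: an external entity that reads a local file
    // if the parser resolves it. The hardened parser never gets that far.
    static final String SAMPLE_XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE foo [ <!ENTITY xxe SYSTEM \"file:///etc/hostname\"> ]>\n"
      + "<foo>&xxe;</foo>";

    // Default factory: DTDs and external entities are resolved (the insecure pattern).
    static SAXParser insecureParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        return f.newSAXParser();
    }

    // Hardened factory: no DOCTYPE at all, no external general or parameter
    // entities, no external DTD loading, no XInclude, secure processing on.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        return f.newSAXParser();
    }

    // Handler that records whatever character data reaches the application.
    static class CaptureHandler extends DefaultHandler {
        final StringBuilder text = new StringBuilder();
        @Override public void characters(char[] ch, int start, int len) {
            text.append(ch, start, len);
        }
    }

    static String parseWith(SAXParser p, String xml) throws Exception {
        CaptureHandler h = new CaptureHandler();
        p.parse(new InputSource(new StringReader(xml)), h);
        return h.text.toString();
    }

    public static void main(String[] args) throws Exception {
        try {
            // Insecure: if the target file is readable, its contents come back as text.
            System.out.println("insecure parser returned: " + parseWith(insecureParser(), SAMPLE_XML));
        } catch (Exception e) {
            System.out.println("insecure parser failed (file missing?): " + e);
        }
        try {
            parseWith(hardenedParser(), SAMPLE_XML);
            System.out.println("unexpected: hardened parser accepted the DOCTYPE");
        } catch (org.xml.sax.SAXParseException e) {
            // Expected: the DOCTYPE is rejected before any entity can be resolved.
            System.out.println("hardened parser rejected input: " + e.getMessage());
        }
    }
}
```

Disallowing the DOCTYPE declaration is the single setting that closes the whole class of attacks (external entities, parameter entities, entity-expansion bombs); the remaining features are belt-and-braces for parsers that must accept a DTD. The same feature strings apply to a DocumentBuilderFactory.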
[org.jenkins-ci.main:jenkins-core] Exposure of Sensitive Information in Jenkins Core
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
References
https://nvd.nist.gov/vuln/d…
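To make the Jenkins finding concrete, here is an added Java example (not Jenkins code) that puts a short-circuiting token comparison beside a constant-time one. Wall-clock timing is noisy, so the naive path is instrumented to count how many bytes it examined before giving up; that count is exactly what a remote attacker is trying to infer from response latency. The token value and method names are constructed for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class CsrfTokenCompare {

    // Naive comparison: returns at the first differing byte, so time taken grows
    // with the length of the matching prefix. Measured remotely, that lets an
    // attacker confirm the token one byte at a time instead of brute-forcing it whole.
    static boolean naiveEquals(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return false;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != supplied[i]) return false; // early exit leaks prefix length
        }
        return true;
    }

    // Constant-time comparison: always walks the whole array and accumulates
    // differences with XOR/OR instead of branching on them.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return false;
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    // Instrumented version of the naive loop: how many bytes were looked at
    // before the answer was known. This is the quantity the timing leak exposes.
    static int bytesExaminedByNaive(byte[] expected, byte[] supplied) {
        int n = Math.min(expected.length, supplied.length);
        int examined = 0;
        for (int i = 0; i < n; i++) {
            examined++;
            if (expected[i] != supplied[i]) break;
        }
        return examined;
    }

    public static void main(String[] args) {
        // Constructed token and two wrong guesses: one wrong in the first byte,
        // one wrong only in the last byte.
        byte[] token = "8f3a9c1d4e6b7a2f".getBytes(StandardCharsets.US_ASCII);
        byte[] wrongFirst = "0f3a9c1d4e6b7a2f".getBytes(StandardCharsets.US_ASCII);
        byte[] wrongLast = "8f3a9c1d4e6b7a20".getBytes(StandardCharsets.US_ASCII);

        System.out.println("naive, wrong first byte, bytes examined: " + bytesExaminedByNaive(token, wrongFirst));
        System.out.println("naive, wrong last byte, bytes examined:  " + bytesExaminedByNaive(token, wrongLast));
        System.out.println("naiveEquals(wrongLast): " + naiveEquals(token, wrongLast));
        System.out.println("constantTimeEquals(token): " + constantTimeEquals(token, token));
        System.out.println("constantTimeEquals(wrongLast): " + constantTimeEquals(token, wrongLast));
        // The JDK ships its own constant-time byte comparison; prefer it over a
        // hand-written loop where it is available.
        System.out.println("MessageDigest.isEqual(wrongLast): " + MessageDigest.isEqual(token, wrongLast));
    }
}
```

The first-byte guess is examined for 1 byte and the last-byte guess for 16; both return false, but the naive loop has told the caller which one was closer. The constant-time loop does the same amount of work either way, and MessageDigest.isEqual is the standard-library routine to reach for in current JDKs rather than maintaining the loop by hand.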
[org.apache.geode:geode-core] Apache Geode unsafe deserialization in TcpServer
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present…
[org.apache.camel:camel-hessian] Apache Camel camel-hessian component vulnerable to Java object deserialization
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 contains a Java object deserialization vulnerability: deserializing untrusted data can lead to security flaws.
References
https://nvd.nist.gov/vuln/detail/C…
[org.apache.struts:struts2-core] Arbitrary code execution in Apache Struts 2
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-4438
https://bugzilla.redhat.com/show_bug.cgi?id=1348238
https:…
[org.apache.struts:struts2-core] Path Traversal in Apache Struts
In Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. This vulnerability is only exploitable when using the Struts 2 C…
[org.apache.jmeter:ApacheJMeter] Missing certificate validation in Apache JMeter
When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-1297
…
[org.apache.jmeter:ApacheJMeter] Missing certificate validation in Apache JMeter
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to JMeterEngine and send unauthorized code. This only affects those running in Dist…
[org.jvnet.hudson.plugins:ssh] Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[io.hawt:project] Insecure cookie sharing in Hawtio
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy…