Reactor Netty HTTP Server, in versions 1.0.11 – 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests wh…
[github.com/concourse/concourse] Team scope authorization bypass when a POST/PUT request includes :team_name in the body, allowing HTTP parameter pollution
Impact
For some POST/PUT Concourse endpoints containing :team_name in the URL, a Concourse user can send a request whose body includes :team_name=team2 to bypass the team scope check and gain access to certain resources belonging to any other team. The user onl…
[OctoPrint] OctoPrint vulnerable to Special Element Injection
OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3607
https://github.com/octoprint/octoprint/commit/3cca3a43f3d085e9bbe5a5840c8255bb1b5d052e
https://huntr.dev/bounties/2d1db3c9-9…
[org.jenkins-ci.plugins:gitlab-plugin] Jenkins GitLab Plugin potentially allows attackers to use statistical methods to obtain valid webhook token
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. Gi…
[org.jenkins-ci.plugins:generic-webhook-trigger] Jenkins Generic Webhook Trigger Plugin potentially allows attackers to use statistical methods to obtain valid webhook token
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid …
[org.jenkins-ci.plugins:job-import-plugin] Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in Job I…
[com.compuware.jenkins:compuware-xpediter-code-coverage] Jenkins Compuware Xpediter Code Coverage Plugin vulnerable to Protection Mechanism Failure
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties fro…
[io.jenkins.plugins:custom-checkbox-parameter] Jenkins Custom Checkbox Parameter Plugin vulnerable to stored Cross-site Scripting
Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by atta…
[org.jenkins-ci.plugins:pipeline-input-step] Jenkins Pipeline: Input Step Plugin vulnerable to Inappropriate Encoding for Output Context
Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier does not restrict or sanitize the optionally specified ID of the input step, which is used for the URLs that process user interactions for the given input step (proceed or abort) and i…
[org.jenkins-ci.plugins:tuleap-git-branch-source] Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 …