CWE:

Topic | Date | Author
Med. | Oracle Database Protection Mechanism Bypass | 13.12.2021 | Moritz Bechler


CVEMAP Search Results

CVE | Details | Description
CVE-2022-36899 | 2022-07-27, Waiting for details
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

CVE-2022-34181 | 2022-06-23, Medium, Vendor: Jenkins, Software: Xunit
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist and parses files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory.

CVE-2022-22152 | 2022-01-19, Low, Vendor: Juniper, Software: Contrail ser...
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

CVE-2021-43578 | 2021-11-12, Medium, Vendor: Jenkins, Software: Squash tm pu...
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.

CVE-2021-21696 | 2021-11-04, Medium, Vendor: Jenkins, Software: Jenkins
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

CVE-2021-21690 | Medium, Vendor: Jenkins, Software: Jenkins
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2021-32835 | 2021-09-09, Medium, Vendor: Eclipse, Software: KETI
Eclipse Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC). In Keti, a sandbox escape vulnerability may lead to post-authentication remote code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.

CVE-2021-21678 | 2021-08-31, Medium, Vendor: Jenkins, Software: SAML
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVE-2021-21679 | Medium, Vendor: Jenkins, Software: Azure ad
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.

CVE-2021-21646 | 2021-04-21, Medium, Vendor: Jenkins, Software: Templating e...
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.

Copyright 2022, cxsecurity.com