XSS in /dashboard/blocks/stacks/view_details/ – old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitization where built URLs are output can be exploited for Concrete 8.5.7 and below as well as Concre…
[rails-html-sanitizer] Rails::Html::Sanitizer vulnerable to Cross-site Scripting
Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer’s allowed tags…
[concrete5/core] Code injection in concrete CMS
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes request…
[deep-get-set] Prototype Pollution in deep-get-set
All versions of package deep-get-set are vulnerable to Prototype Pollution via the ‘deep’ function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-21231
https://snyk.io/vul…
[github.com/zalando/skipper] Query predicate bypass in Zalando Skipper
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-34296
https://github.com/zalando/skipper/releases/tag/v0.13.218
https://github.com/zalando/skipper/pul…
[org.openidentityplatform.openam:openam-core] NT auth module vulnerability in OpenAM
The NT auth module in OpenAM before 14.6.6 allows a “replace Samba username attack.”
References
https://nvd.nist.gov/vuln/detail/CVE-2022-34298
https://github.com/OpenIdentityPlatform/OpenAM/pull/514
https://github.com/OpenIdentityPlatform/OpenAM/comp…
[org.jenkins-ci.plugins:squashtm-publisher] Squash TM Publisher (Squash4Jenkins) Plugin stores passwords in plain text
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Reference…
[org.apache.tomcat:tomcat] Cross-site Scripting in Apache Tomcat
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
Referenc…
[org.jenkins-ci.plugins:beaker-builder] Missing Authorization in Jenkins Beaker builder Plugin
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-34208
https://www.jenkins.io/secur…
[org.lilicurroad.jenkins:packageversion] Cross-site Scripting in Jenkins Package Version Plugin
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permissi…