Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to ‘people’, which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the use…
[org.apache.tomcat:tomcat] Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL…
[npm] Incorrect Permission Assignment for Critical Resource in NPM
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as “next: 5.7.0” and therefore automatically installed by an “npm upgrade -g npm” command, and also announced in the vendor’s blog without mention of pre-release status). It might a…
[mysql:mysql-connector-java] Improper Privilege Management in MySQL Connectors Java
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro…
[org.jenkins-ci.main:jenkins-core] Missing Release of Resource after Effective Lifetime in Jenkins
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in…
[passenger] Phusion Passenger incorrect permission assignment
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are …
[com.amazonaws:codedeploy] AWS CodeDeploy Plugin stored AWS Secret Key in plain text
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appears to be exploitable via loc…
[org.springframework.webflow:spring-webflow] Insecure Default Initialization of Resource in Pivotal Spring Web Flow
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to ‘false’) can be vulnerable to malicious EL exp…
[pyanyapi] Unsafe pyyaml load usage in PyAnyAPI
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe…
[numpy] Numpy missing input validation
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-128…