A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 2.0 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing creden…
[io.jenkins.plugins:embotics-vcommander] Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Missing permission checks in Jenkins Snow Commander Plugin prior to 2.0 allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing crede…
[github.com/hashicorp/nomad] Path Traversal in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
References
https://nvd.nist.gov/vuln/detai…
[github.com/mholt/archiver] Arbitrary File Write via Archive Extraction in mholt/archiver
mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393ef0829c3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This …
[org.wildfly.security:wildfly-elytron] Session Fixation in WildFly Elytron
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data…
[org.wildfly.security:wildfly-elytron] Incorrect Authorization in WildFly Elytron
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to informatio…
[xerces:xercesImpl] Improper Input Validation in Xerces
A flaw was found in Wildfly’s implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the “use-grammar-pool-only” feature. This flaw allows a specially-crafted XML file to manipulate the …
[github.com/cli/cli] GitHub CLI can execute a git binary from the current directory
Impact
GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead…
[github.com/containous/traefik/v2] Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Summary
There exists a potential open redirect vulnerability in Traefik’s handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issu…
[org.jenkins-ci.main:jenkins-core] Deserialization of Untrusted Data in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
References
https://nvd.nist.gov/vuln/…