OwningRef::map_with_owner is unsound and may result in a use-after-free.
OwningRef::map is unsound and may result in a use-after-free.
OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
The crate viol…
[fava] Fava before 1.22.3 vulnerable to reflected cross-site scripting
Fava before 1.22.3 is vulnerable to reflected cross-site scripting due to improper validation on filter conversion.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2589
https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa7047…
[org.jenkins-ci.plugins:git] Jenkins Git Plugin before 4.11.4 provides unauthenticated attackers information about the existence of jobs
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36884
…
[org.jenkins-ci.plugins:buckminster] Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation
Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins cont…
[org.jenkins-ci.plugins:clif-performance-testing] Jenkins CLIF Performance Testing Plugin allows attackers to replace arbitrary files with other content
An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specif…
[com.compuware.jenkins:compuware-xpediter-code-coverage] Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
A missing permission check in Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins….
[com.compuware.jenkins:compuware-scm-downloader] Jenkins Compuware Source Code Download is missing authorization
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of cred…
[com.compuware.jenkins:compuware-topaz-utilities] Jenkins Compuware Topaz Utilities Plugin is missing authorization
A missing permission check in Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
Refere…
[com.compuware.jenkins:compuware-ispw-operations] Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
Refere…
[org.jenkins-ci.plugins:rhnpush-plugin] Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation
Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker…