Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Jenkins CONS3RT Plugin 1.0.0 and earlier stores the Cons3rt API token unencrypted in job config.xml files on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control.
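The two Jenkins entries above both describe a secret written in clear text to XML configuration on the controller. The following audit check is an added example, not code from either plugin or from Jenkins: it flags secret-looking elements whose value is not in the brace-wrapped base64 form Jenkins writes for encrypted `Secret` fields. The element-name heuristic and the sample XML are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Heuristic for element names that usually hold credentials (an assumption).
SECRET_NAME = re.compile(r"(api.?key|token|password|secret)", re.IGNORECASE)
# Jenkins serializes its Secret type as base64 ciphertext wrapped in braces.
ENCRYPTED = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")

# Constructed sample, not taken from any real plugin's config.xml.
SAMPLE_CONFIG = """<project>
  <publishers>
    <example.NotifierPublisher>
      <apiToken>s3cr3t-token-value</apiToken>
      <storedToken>{AQAAABAAAAAQc2FtcGxlLWNpcGhlcnRleHQ=}</storedToken>
      <url>https://example.invalid</url>
    </example.NotifierPublisher>
  </publishers>
</project>"""


def looks_encrypted(value):
    """True if value has the {base64} shape of an encrypted Jenkins Secret."""
    match = ENCRYPTED.match(value.strip())
    if not match:
        return False
    try:
        base64.b64decode(match.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True


def find_plaintext_secrets(xml_text):
    """Return (element path, redacted value) for secret-like leaves stored in clear."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        if len(node) == 0 and value and SECRET_NAME.search(node.tag):
            if not looks_encrypted(value):
                findings.append((here, value[:2] + "***"))  # never echo the secret
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


if __name__ == "__main__":
    for path, redacted in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"plaintext secret at {path}: {redacted}")
```

A hit means the value is readable by anyone with file system access to the controller; the name heuristic will miss secrets stored under unrelated element names.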