A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. Date published : 2020-09-16 Mise à jour du Freebox Server (Révolution/mini/One/Delta/Pop) 4.2.3 https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/
A DNS rebinding vulnerability in Freebox v5 before 1.5.29. Date published : 2020-09-16 Mise à jour du Freebox Server (Révolution/mini/One/Delta/Pop) 4.2.3 https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Date published : 2020-09-16 Mise à jour du Freebox Server (Révolution/mini/One/Delta/Pop) 4.2.3 https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other ‘.xml’ file on the Jenkins controller with a job config.xml file’s...
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20%281%29 http://www.openwall.com/lists/oss-security/2020/09/16/3
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user...
Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on...
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file...
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1903 http://www.openwall.com/lists/oss-security/2020/09/16/3
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1903 http://www.openwall.com/lists/oss-security/2020/09/16/3
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files’ names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Date published : 2020-09-16...
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Date published : 2020-09-16...
Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views....
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. Date published : 2020-09-16 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904...