CVE-2022-43017 OpenCATS v0.9.6 had a reflected XSS vulnerability in the indexFile component.
When uploading an index file via the OpenCATS admin panel, an attacker can inject malicious code into the file with relative ease. The XSS flaw
CVE-2022-41709 An attacker can execute arbitrary code on any client who views a malicious Markdown file.
NodeIntegration is a Symfony2 component that allows an application to use Node.js modules. When enabled, it exposes the Apache HttpClient library to the application,
CVE-2022-43419 Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission.
This may pose a risk to API keys stored in Jenkins. It is recommended that any sensitive key be stored in a keystore or its
CVE-2022-43434 Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier disables Content-Security-Policy protection for user-generated content.
This can be dangerous if a user uploads their own content to a shared hosting environment, for example. Users can turn off the content security
CVE-2022-43414 Jenkins NUnit Plugin 0.27 and earlier has an agent-to-controller message that parses files as test results, allowing attackers able to control agent processes to obtain test results from files the attacker specifies.
This can lead to information leakage from the Jenkins environment, such as revealing credentials or sensitive data. Jenkins is not vulnerable to this issue if