libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or oth ...
Continue ReadingSeptember 21, 2022
### Impact This issue allows a client of the API to retrieve more information than the clients OAuth scope permits when making search-type requests. This issue would not allow a client to retrie ...
Continue ReadingSeptember 21, 2022
Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The `/rest/api/latest/projects/{projectKey}/repos/{ ...
Continue ReadingSeptember 21, 2022
### Impact This issue allows a client of the API to retrieve more information than the clients OAuth scope permits when making search-type requests. This issue would not allow a client to retrie ...
Continue ReadingSeptember 21, 2022
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable ...
Continue ReadingSeptember 21, 2022
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty ...
Continue ReadingSeptember 21, 2022
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted fi ...
Continue ReadingSeptember 21, 2022
Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provid ...
Continue ReadingSeptember 21, 2022
Back to Main