Category: CVSS3 - MEDIUM
CVE-2023-30528

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it.

Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This client secret can b ...

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller as part of its configuration. This client secret can b ...

Mattermost vulnerable to information disclosure

When running in a High Availability configuration, Mattermost fails to sanitize some of the `user_updated` and `post_deleted` events broadcast to all users, leading to disclosure of sensitive informat ...

CVE-2022-45175

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthentic ...

CVE-2023-1060

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS. This issue affects YKM CRM: before 23.03.30.

SUSE SLES12 Security Update : tomcat (SUSE-SU-2023:1672-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1672-1 advisory. - When using the RemoteIpFilter with requests receiv ...
