Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to t ...
September 23, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
### Impact
An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clus ...
September 23, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.
September 23, 2022
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable ...
September 23, 2022
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to VMware Tanzu Spring Framework (CVE-2022-22971)
## Summary
IBM Sterling Partner Engagement Manager uses VMware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has be ...
September 23, 2022
WordPress plugin WPGraphQL access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Word ...
September 22, 2022