Current node: cve-famous
Timeline
2020-10-20 18:57:24 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apache
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one RESTful API which exposes Kylin's configuration information without any authentication. This is dangerous because some confidential information entries will be disclosed to everyone.

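2020-10-19 23:03:10 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Sangfor (深信服)
2020-10-18 09:06:46 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apereo CAS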
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

2020-10-18 09:05:50 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jupyter
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'.

2020-10-18 09:05:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft Exchange
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages, aka 'Microsoft Exchange Information Disclosure Vulnerability'.

2020-10-18 09:05:20 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950.

2020-10-18 09:05:17 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951.

2020-10-18 09:05:14 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16952.

2020-10-18 09:05:10 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953.

2020-10-18 09:05:08 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Outlook
A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Denial of Service Vulnerability'.

2020-10-18 09:05:05 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953.

2020-10-18 09:05:02 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Outlook
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

2020-10-18 09:04:59 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16945.

2020-10-18 09:04:54 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-16946.

2020-10-18 09:04:51 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.

2020-10-18 09:04:46 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.

2020-10-18 09:04:43 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft SharePoint
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.

2020-10-18 09:01:02 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Docker
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.

2020-10-18 09:00:59 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jboss
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.

2020-10-16 17:08:41 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jira
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

2020-10-15 18:09:25 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: SAP NetWeaver
User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure.

2020-10-15 18:09:18 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: SAP NetWeaver
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.

2020-10-15 18:09:10 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: SAP NetWeaver
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.

2020-10-15 18:09:07 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: SAP NetWeaver
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting.

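2020-10-15 10:44:54 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Solr
A new vulnerable component has been found, component ID: Apache Solr
A new vulnerable component has been found, component ID: Apache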
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.

2020-10-15 10:44:38 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jira
The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629.

2020-10-14 00:03:19 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Nexus Repository Manager
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to).

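2020-10-14 00:03:14 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apache Tomcat
A new vulnerable component has been found, component ID: Apache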
If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

2020-10-14 00:03:03 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions.

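2020-10-12 22:21:05 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jira
A new vulnerable component has been found, component ID: Atlassian Jira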
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.

2020-10-12 02:17:47 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: phpMyAdmin
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.

2020-10-12 02:17:44 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: phpMyAdmin
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

2020-10-11 06:17:44 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apache
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.

2020-10-10 10:26:02 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2020-10-10 10:25:59 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2020-10-10 10:25:56 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.

2020-10-10 10:25:51 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

2020-10-10 10:25:48 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.

2020-10-10 10:25:45 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.

2020-10-10 10:25:41 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.

2020-10-10 10:25:38 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2020-10-10 10:25:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

2020-10-10 10:25:32 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

2020-10-10 10:25:30 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.

2020-10-10 10:25:26 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

2020-10-10 10:25:22 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.

2020-10-10 10:25:17 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: F5
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

2020-10-10 10:25:12 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Microsoft Exchange
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.

2020-10-10 10:24:48 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Session keys are stored in plain text in Redis, which allows an attacker with Redis access to authenticate as any user that has a session stored in Redis.

2020-10-10 10:24:44 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

2020-10-10 10:24:42 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.

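2020-10-09 09:09:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
A new vulnerable component has been found, component ID: Docker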
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, the attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.

2020-10-09 09:09:31 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

2020-10-09 09:09:28 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email

2020-10-09 09:09:23 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.

2020-10-09 09:09:20 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: GitLab
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query
