CVE-2021-21680
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
Source: CVE-2021-21680
월: 2021 8월
CVE-2021-21677
CVE-2021-21677
Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability.
Source: CVE-2021-21677
CVE-2020-19048
CVE-2020-19048
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to ‘/Upload/admin/index.php?module=forum-management&action=add’.
Source: CVE-2020-19048
CVE-2021-21681
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Source: CVE-2021-21681
CVE-2021-21678
CVE-2021-21678
Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Source: CVE-2021-21678
CVE-2020-19047
CVE-2020-19047
Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatckers to execute arbitrary code via malicious POST request to the component ‘/index.php?controller=system&action=admin_edit_act’.
Source: CVE-2020-19047
CVE-2020-19046
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component ‘/admin/tpl.php?page=’.
Source: CVE-2020-19046
CVE-2020-19049
CVE-2020-19049
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to ‘/Upload/admin/index.php?module=forum-management&action=add’.
Source: CVE-2020-19049
CVE-2021-21679
CVE-2021-21679
Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins.
Source: CVE-2021-21679
CVE-2021-35221
CVE-2021-35221
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Source: CVE-2021-35221