In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
The host is installed with Jenkins LTS through 2.176.2 or Jenkins rolling release through 2.191 and is prone to a cross-site request forgery vulnerability. A flaw is present in the application, which fails to properly handle CSRF tokens without an associated web session ID. Successful exploitation could allow attackers to bypass CSRF protection for anonymous users.
The host is installed with Jenkins LTS through 2.176.2 or Jenkins rolling release through 2.191 and is prone to a cross-site request forgery vulnerability. A flaw is present in the application, which fails to properly handle CSRF tokens without an associated web session ID. Successful exploitation could allow attackers to bypass CSRF protection for anonymous users.
The host is installed with Jenkins LTS through 2.176.2 or Jenkins rolling release through 2.191 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in update site URL. Successful exploitation could allow attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScrip ...
The host is installed with Jenkins LTS through 2.176.2 or Jenkins rolling release through 2.191 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in update site URL. Successful exploitation could allow attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScrip ...
The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. The flaw is present in the application, which fails to properly escape job URLs. Successful exploitation could allow attackers to cause unauthorized modification.
The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a cross-site scripting vulnerability. The flaw is present in the application, which fails to properly escape job URLs. Successful exploitation could allow attackers to cause unauthorized modification.
The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a privilege escalation vulnerability. The flaw is present in the application, which fails to properly handle remoting-based CLI authentication caches. Successful exploitation could allow attackers to cause unauthorized modifications.
The host is installed with Jenkins LTS through 2.164.1 or Jenkins rolling release through 2.171 and is prone to a privilege escalation vulnerability. The flaw is present in the application, which fails to properly handle remoting-based CLI authentication caches. Successful exploitation could allow attackers to cause unauthorized modifications.