CVE-2020-12507 An attacker with access to monit tool 4.2 could access the database by injection.
s::can moni::tools 4.2+ now uses a secure database connection to avoid SQL injection and other security issues.
In s::can moni::tools
CVE-2022-40753 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting
The cross-site scripting issue exists due to insufficient sanitization of user-supplied data before it is used in the application’s code. Cross-site scripting issues
CVE-2022-45393 A CSRF vulnerability in the Delete log Plugin 1.0 and earlier allows attackers to delete build logs.
CSRF, or cross-site request forgery, is a type of malicious attack in which an imposter site persuades a victim’s Web browser or computer
CVE-2022-45398 A CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CSRF is a type of hijacking where an attacker tricks another user into performing an action on the victim’s behalf by tricking the victim
CVE-2022-3893 BlueSpice Custom Menu extension can be exploited via an XSS attack by an admin user.
XSS can be exploited to execute arbitrary script code in a user session or obtain confidential information (CSRF). BlueSpice is currently the only confirmed XSS vulnerability