CVE-2022-42199 v1.0 of Exam Reviewer Management System is vulnerable to a CSRF attack.
If a remote attacker can trick an authenticated user into clicking a specially crafted link, they can execute commands against the management system. This can
CVE-2022-43014 OpenCATS v0.9.6 had an XSS vulnerability when the joborderID parameter was used.
An attacker can inject malicious code in the user’s browser to take control of the vulnerable system. OpenCATS administrators are advised to review the
CVE-2022-43408 Jenkins Pipeline stage view plugin 2.26 and earlier doesn't encode input step ID when generating URLs, allowing attackers to specify them and proceed/abort builds.
This issue does not affect usage of the Jenkins CLI. In order to exploit this issue, an attacker would have to be able to configure
CVE-2022-43429 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to read arbitrary files on the Jenkins controller file system.
This issue is likely to be exploited in situations such as a cross-site request forgery (CSRF) attack, where a Jenkins master running on attacker-controlled hardware
CVE-2022-43407 Jenkins Input Step Plugin 451.vf1a_a_4f405289 doesn't restrict or sanitize the ID of the input step, which is used for URLs that process user interactions.
This issue does not affect Pipelines. As of Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier, this issue can be exploited by