CVE-2022-43417 Katalon Plugin 1.0.32 and earlier doesn't perform permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to attacker-specified URL using attacker-specified cred
This issue can be exploited to gain access to deployed applications that use Jenkins as a build repository, and potentially other services that are accessible
CVE-2022-43423 Jenkins Compuware Source Code 2.0.12 and earlier has an agent/controller message that doesn't limit where it can be executed, allowing attackers to control agent processes and obtain the values of JAVA APIs.
Jenkins versions prior to 2.0.12 are vulnerable to a remote code execution attack.
Agent/Controller Message Processing
PDS Plugin 2.0.12 and
CVE-2022-43401 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to compromise Jenkins.
This vulnerability is exposed when a user is granted permission to define and run scripts in a Jenkins pipeline and that pipeline is configured to
CVE-2022-21631 - JD Edwards EnterpriseOne Tools Design Tools SEC Vulnerability Explained
CVE-2022-21631 is a serious vulnerability in Oracle's JD Edwards EnterpriseOne Tools, specifically within the Design Tools SEC component. This flaw exists in all
CVE-2022-39399 An issue was discovered in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE. The vulnerability could be exploited to execute arbitrary code.
code installed by an administrator). Unpatched clients, servers and end users can be compromised by this issue. Furthermore, for an application to be vulnerable, it