CVE-2020-12744 The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged user to elevate privileges.
On Windows, the MSI installer program runs as an unprivileged user and does not run with the same elevated privileges as the Windows operating system.
CVE-2022-3586 A use after free was found in the networking code. This could lead to a remote code exploit.
CVE-2018-14633 occurs when forwarding-port forwarding is enabled. A remote attacker can take advantage of this flaw to redirect network traffic from the forwarded port to
CVE-2022-43432 Jenkins XFramium Builder Plugin 1.0.22 and earlier disables Content-Security-Policy protection for user-generated content.
This can be dangerous if you host public download sites, for example, or allow third-party code to be hosted on your servers via Git.
CVE-2022-43429 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to read arbitrary files on the Jenkins controller file.
This issue is likely to be exploited in situations such as a cross-site request forgery (CSRF) attack, where a Jenkins master running on attacker-controlled hardware
CVE-2022-43417 Katalon Plugin 1.0.32 and earlier doesn't perform permission checks in several HTTP endpoints, which allows attackers with Overall/Read permission to connect to attacker-specified URL using attacker-specified cred
This issue can be exploited to gain access to deployed applications that use Jenkins as a build repository, and potentially other services that are accessible