RedPacket Security - InfoSec News & Tutorials

Jenkins Selection tasks Plugin cross-site scripting | CVE-2022-30967

May 18, 2022

NAME Jenkins Selection tasks Plugin cross-site scripting Platforms Affected:Jenkins Selection tasks Plugin 1.0Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Selection tasks Plugin...

Jenkins Promoted Builds (Simple) Plugin cross-site scripting | CVE-2022-30965

May 18, 2022

NAME Jenkins Promoted Builds (Simple) Plugin cross-site scripting Platforms Affected:Jenkins Promoted Builds (Simple) Plugin 1.9Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Promoted...

Jenkins Rundeck Plugin cross-site scripting | CVE-2022-30956

May 18, 2022

NAME Jenkins Rundeck Plugin cross-site scripting Platforms Affected:Jenkins Rundeck Plugin 3.6.10Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Rundeck Plugin is vulnerable to...

Jenkins Random String Parameter Plugin cross-site scripting | CVE-2022-30966

May 18, 2022

NAME Jenkins Random String Parameter Plugin cross-site scripting Platforms Affected:Jenkins Random String Parameter Plugin 1.0Risk Level:8Exploitability:HighConsequences:Gain Access DESCRIPTION Jenkins Random...

Jenkins Autocomplete Parameter Plugin cross-site scripting | CVE-2022-30970

May 18, 2022

NAME Jenkins Autocomplete Parameter Plugin cross-site scripting Platforms Affected:Jenkins Autocomplete Parameter Plugin 1.1Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins Autocomplete Parameter Plugin...

Jenkins JDK Parameter Plugin cross-site scripting | CVE-2022-30963

May 18, 2022

NAME Jenkins JDK Parameter Plugin cross-site scripting Platforms Affected:Jenkins JDK Parameter Plugin 1.0Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION Jenkins JDK Parameter Plugin...

Jenkins Autocomplete Parameter Plugin cross-site request forgery | CVE-2022-30969

May 18, 2022

NAME Jenkins Autocomplete Parameter Plugin cross-site request forgery Platforms Affected:Jenkins Autocomplete Parameter Plugin 1.1Risk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Jenkins Autocomplete Parameter...

Jenkins Autocomplete Parameter Plugin cross-site scripting | CVE-2022-30961

May 18, 2022

Node.js colors-support module code execution |

May 18, 2022

NAME Node.js colors-support module code execution Platforms Affected:Node.js colors-supportRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js colors-support module could allow a remote attacker...

Node.js colors-update module code execution |

May 18, 2022

NAME Node.js colors-update module code execution Platforms Affected:Node.js colors-updateRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js colors-update module could allow a remote attacker...

Jenkins Global Variable String Parameter Plugin cross-site scripting | CVE-2022-30962

May 18, 2022

NAME Jenkins Global Variable String Parameter Plugin cross-site scripting Platforms Affected:Jenkins Global Variable String Parameter Plugin 1.2Risk Level:8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION...

Node.js sync-colors module code execution |

May 18, 2022

NAME Node.js sync-colors module code execution Platforms Affected:Node.js sync-colorsRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js sync-colors module could allow a remote attacker...

IpMatcher server-side request forgery | CVE-2021-33318

May 18, 2022

NAME IpMatcher server-side request forgery Platforms Affected:NuGet IpMatcher 1.0.4.1Risk Level:8.1Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION IpMatcher is vulnerable to server-side request...

Node.js support-colors module code execution |

May 18, 2022

NAME Node.js support-colors module code execution Platforms Affected:Node.js support-colorsRisk Level:8.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION Node.js support-colors module could allow a remote attacker...

Jenkins Multiselect parameter Plugin cross-site scripting | CVE-2022-30964

May 18, 2022

NAME Jenkins Multiselect parameter Plugin cross-site scripting Platforms Affected:Jenkins Multiselect parameter Plugin 1.3Risk Level:8Exploitability:HighConsequences:Gain Access DESCRIPTION Jenkins Multiselect parameter Plugin...

Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift

May 18, 2022

Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers...

Daily Vulnerability Trends: Wed May 18 2022

May 18, 2022

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-22676 No description provided CVE-2022-22617A logic issue was addressed with improved state...

Evaluation of cyber activities and the threat landscape in Ukraine

May 18, 2022

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in...