
Tag

#java

GHSA-r496-x769-f8j4: Jenkins ReadyAPI Functional Testing Plugin vulnerability exposes secrets

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These credentials can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these credentials, increasing the potential for attackers to observe and capture them. As of publication of this advisory, there is no fix.

GHSA-962q-84v8-hxhj: Jenkins QMetry Test Management Plugin vulnerability exposes API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these API keys, increasing the potential for attackers to observe and capture them. As of publication of this advisory, there is no fix.

GHSA-28j3-hphh-cjr8: Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens

Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these tokens, increasing the potential for attackers to observe and capture them. As of publication of this advisory, there is no fix.

GHSA-q8p4-vw42-66gh: Jenkins Apica Loadtest Plugin vulnerability exposes authentication tokens

Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these tokens, increasing the potential for attackers to observe and capture them. As of publication of this advisory, there is no fix.

GHSA-p9gh-rpjw-78qg: Jenkins QMetry Test Management Plugin stores unencrypted API keys

QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionally, the job configuration form does not mask these API keys, increasing the potential for attackers to observe and capture them. As of publication of this advisory, there is no fix.

GHSA-qcj2-99cg-mppf: Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check

Jenkins Git Parameter Plugin implements a choice build parameter that lists the configured Git SCM’s branches, tags, pull requests, and revisions. Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices. This allows attackers with Item/Build permission to inject arbitrary values into Git parameters. Git Parameter Plugin 444.vca_b_84d3703c2 validates that the Git parameter value submitted to the build matches one of the offered choices.

GHSA-3c9f-c64m-h4wc: Jenkins Statistics Gatherer Plugin vulnerability exposes AWS Secret Key

Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file `org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml` on the Jenkins controller as part of its configuration. This key can be viewed by users with access to the Jenkins controller file system. Additionally, the global configuration form does not mask this key, increasing the potential for attackers to observe and capture it. As of publication of this advisory, there is no fix.

GHSA-9mp4-77wg-rwx9: @clerk/backend Performs Insufficient Verification of Data Authenticity

### Impact

Applications that use the `verifyWebhook()` helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events.

### Patches

* `@clerk/backend`: the helper has been patched as of `2.4.0`
* `@clerk/astro`: the helper has been patched as of `2.10.2`
* `@clerk/express`: the helper has been patched as of `1.7.4`
* `@clerk/fastify`: the helper has been patched as of `2.4.4`
* `@clerk/nextjs`: the helper has been patched as of `6.23.3`
* `@clerk/nuxt`: the helper has been patched as of `1.7.5`
* `@clerk/react-router`: the helper has been patched as of `1.6.4`
* `@clerk/remix`: the helper has been patched as of `4.8.5`
* `@clerk/tanstack-react-start`: the helper has been patched as of `0.18.3`

### Resolution

The issue was resolved in **`@clerk/backend` `2.4.0`** by:

* Properly parsing the webhook request's signatures and comparing them against the signature generated from the received event

### Workarounds

If unable to upgrade, developers ...

Millions of people spied on by malicious browser extensions in Chrome and Edge

Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.

GHSA-5w57-2ccq-8w95: Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection

### Summary

A command injection vulnerability exists in the `node-code-sandbox-mcp` MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.execSync`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside Docker.

The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (`|`, `>`, `&&`, etc.).

### Details

The MCP Server exposes tools to run code inside a Docker container. An MCP Client can be instructed to execute additional actions, for example via indirect prompt injection when asked to generate code that reads a file. Below are some examples of vulnerable code and different ways to test this vulnerability, including a real example o...