Brian Hysell

Researcher fromSynopsys Software Integrity Group
#11516of 53,638
23.9Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2024-5656
10
2024-06-12
Palo Alto Networks · Palo Alto Networks Expedition · CVE-2024-5910
**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Expedition versions prior to 1.2.92 **Description** The vulnerability is related to a missing authentication mechanism for a critical function in Palo Alto Networks Expedition, allowing an attacker with network access to take over an admin account and potentially access configuration secrets, credentials, and other data. This issue has been actively exploited by attackers, and it is recommended to update to the latest version to mitigate the risks. **Recommendations** Update to Palo Alto Networks Expedition version 1.2.92 or later to fix the missing authentication vulnerability. As a temporary workaround, consider restricting access to the Expedition server to minimize the risk of exploitation.
PT-2022-4032
6.8
2022-07-27
Jenkins · Jenkins Clif Performance Testing Plugin · CVE-2022-36894
**Name of the Vulnerable Software and Affected Versions** Jenkins CLIF Performance Testing Plugin versions 64.vc0d66de1dfb f and earlier **Description** The issue is related to an arbitrary file write vulnerability. This vulnerability allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. The vulnerability is due to incorrect restriction of a directory path with limited access. **Recommendations** For Jenkins CLIF Performance Testing Plugin versions 64.vc0d66de1dfb f and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-14723
7.1
2021-08-31
Jenkins · Jenkins Nested View Plugin · CVE-2021-21680
**Name of the Vulnerable Software and Affected Versions** Jenkins Nested View Plugin versions 1.20 and earlier **Description** The issue arises from the Jenkins Nested View Plugin not configuring its XML transformer to prevent XML external entity (XXE) attacks. This allows attackers who can configure views to have Jenkins parse a crafted view XML definition, using external entities for extraction of secrets from the Jenkins controller or for server-side request forgery. **Recommendations** For Jenkins Nested View Plugin versions 1.20 and earlier, update to version 1.21 or later, which disables external entity resolution for its XML transformer.