Pankaj Upadhyay

**Name of the Vulnerable Software and Affected Versions** Audible application versions through 2.34.0 for Android **Description** The issue concerns missing SSL certificate validation for Adobe SDKs in the Audible application, allowing man-in-the-middle (MITM) attackers to cause a denial of service. **Recommendations** For versions through 2.34.0, update to a version that includes the fix for the missing SSL certificate validation issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Webex Event Center (affected versions not specified) Cisco Webex Meeting Center (affected versions not specified) Cisco Webex Support Center (affected versions not specified) Cisco Webex Training Center (affected versions not specified) **Description** A vulnerability in the web interface of the Cisco Webex products could allow an unauthenticated, remote attacker to guess account usernames due to missing CAPTCHA protection in certain URLs. An attacker could exploit this by sending a crafted request to the web interface, potentially allowing them to determine if a given username is valid and find the real name of the user. **Recommendations** For Cisco Webex Event Center, consider implementing CAPTCHA protection for all URLs as a temporary workaround until a patch is available. For Cisco Webex Meeting Center, restrict access to sensitive information to minimize the risk of exploitation. For Cisco Webex Support Center, avoid using vulnerable URLs in the web interface until the issue is resolved. For Cisco Webex Training Center, disable any features that rely on username validation until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jenkins Credentials Plugin versions 2.1.18 and earlier **Description** The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the certificate content of files containing a PKCS#12 certificate. This can lead to information leakage about files and directories. An attacker can exploit this to create or update credentials and gain access to files containing a PKCS#12 certificate. **Recommendations** For Jenkins Credentials Plugin versions 2.1.18 and earlier, update to a version later than 2.1.18 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.