Pavel Roskin

#11339 of 53,633
24.3 Total CVSS
Vulnerabilities · 3
Medium: 1
High: 2
PT-2020-15425
4.3
2020-07-02
Jenkins · Jenkins Stash Branch Parameter Plugin · CVE-2020-2210
**Name of the Vulnerable Software and Affected Versions**

Jenkins Stash Branch Parameter Plugin versions 0.3.0 and earlier

**Description**

The issue concerns the transmission of configured passwords in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. This occurs because the Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file `org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml` on the Jenkins controller. Although the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form. This can lead to password exposure through browser extensions, cross-site scripting vulnerabilities, and similar situations. The issue affects Jenkins versions before 2.236, including 2.235.x LTS, due to the lack of transparent encryption and decryption of data used for a Jenkins password form field, which is introduced in Jenkins 2.236.

**Recommendations**

For Jenkins Stash Branch Parameter Plugin versions 0.3.0 and earlier, consider disabling the plugin until a patch is available to prevent the transmission of configured passwords in plain text. For Jenkins versions before 2.236, including 2.235.x LTS, update to Jenkins 2.236 or later to benefit from the security hardening that transparently encrypts and decrypts data used for a Jenkins password form field.

PT-2009-6664
10
1970-01-01
Linux · Linux Kernel · CVE-2009-0322
**Name of the Vulnerable Software and Affected Versions**

The following packages, each at version 2.6.26-1: linux-image-2.6.26-1-parisc-smp, linux-image-2.6.26-1-486, linux-image-2.6.26-1-alpha-smp, linux-headers-2.6.26-1-486, linux-headers-2.6.26-1-common-vserver, linux-image-2.6.26-1-iop32x, linux-headers-2.6.26-1-s390x, linux-headers-2.6.26-1-all, linux-headers-2.6.26-1-sparc64-smp, linux-image-2.6.26-1-vserver-powerpc, linux-headers-2.6.26-1-sparc64, linux-headers-2.6.26-1-r5k-cobalt, linux-image-2.6.26-1-xen-amd64, linux-image-2.6.26-1-r5k-ip32, linux-image-2.6.26-1-5kc-malta, linux-headers-2.6.26-1-parisc64-smp, linux-image-2.6.26-1-vserver-686, linux-image-2.6.26-1-vserver-powerpc64, linux-image-2.6.26-1-vserver-itanium, linux-image-2.6.26-1-alpha-generic, linux-headers-2.6.26-1-powerpc, linux-image-2.6.26-1-r4k-ip22, linux-headers-2.6.26-1-alpha-generic, linux-image-2.6.26-1-vserver-mckinley, linux-image-2.6.26-1-vserver-amd64, linux-headers-2.6.26-1-vserver-itanium, linux-image-2.6.26-1-powerpc, linux-headers-2.6.26-1-r5k-ip32, linux-headers-2.6.26-1-itanium, linux-image-2.6.26-1-sb1-bcm91250a, linux-headers-2.6.26-1-vserver-mckinley, linux-headers-2.6.26-1-all-ia64, linux-headers-2.6.26-1-all-i386, linux-image-2.6.26-1-mckinley, linux-headers-2.6.26-1-all-powerpc, linux-image-2.6.26-1-vserver-686-bigmem, linux-image-2.6.26-1-sparc64-smp, linux-image-2.6.26-1-versatile, linux-image-2.6.26-1-vserver-sparc64, linux-headers-2.6.26-1-vserver-686-bigmem, linux-headers-2.6.26-1-all-hppa, linux-image-2.6.26-1-parisc64-smp, linux-headers-2.6.26-1-all-arm, linux-headers-2.6.26-1-686-bigmem, linux-headers-2.6.26-1-vserver-amd64, linux-image-2.6.26-1-amd64, linux-image-2.6.26-1-s390-tape, linux-headers-2.6.26-1-all-mipsel, linux-headers-2.6.26-1-xen-amd64, linux-headers-2.6.26-1-4kc-malta, linux-headers-2.6.26-1-footbridge, linux-headers-2.6.26-1-amd64, linux-headers-2.6.26-1-vserver-s390x, linux-headers-2.6.26-1-parisc-smp, linux-headers-2.6.26-1-iop32x, linux-image-2.6.26-1-686, linux-support-2.6.26-1, linux-headers-2.6.26-1-xen-686, linux-image-2.6.26-1-powerpc-smp, linux-headers-2.6.26-1-all-amd64, linux-headers-2.6.26-1-parisc, linux-modules-2.6.26-1-xen-amd64, linux-image-2.6.26-1-sb1a-bcm91480b, linux-image-2.6.26-1-r5k-cobalt, linux-headers-2.6.26-1-vserver-sparc64, linux-headers-2.6.26-1-common-openvz, linux-headers-2.6.26-1-openvz-amd64, linux-image-2.6.26-1-alpha-legacy, linux-image-2.6.26-1-openvz-686, linux-headers-2.6.26-1-s390, linux-headers-2.6.26-1-vserver-powerpc, linux-image-2.6.26-1-vserver-s390x, linux-image-2.6.26-1-xen-686, linux-headers-2.6.26-1-versatile, linux-headers-2.6.26-1-vserver-powerpc64, linux-headers-2.6.26-1-common, linux-image-2.6.26-1-footbridge, linux-image-2.6.26-1-parisc64, linux-headers-2.6.26-1-alpha-legacy, linux-image-2.6.26-1-686-bigmem, linux-headers-2.6.26-1-all-armel, linux-headers-2.6.26-1-all-alpha, linux-headers-2.6.26-1-r4k-ip22, linux-headers-2.6.26-1-sb1a-bcm91480b, linux-headers-2.6.26-1-common-xen, linux-image-2.6.26-1-s390x, linux-headers-2.6.26-1-mckinley, linux-image-2.6.26-1-parisc, linux-headers-2.6.26-1-orion5x, linux-headers-2.6.26-1-openvz-686, linux-headers-2.6.26-1-vserver-686, linux-image-2.6.26-1-sparc64, linux-headers-2.6.26-1-powerpc64, linux-image-2.6.26-1-itanium, linux-image-2.6.26-1-orion5x, linux-headers-2.6.26-1-ixp4xx, linux-headers-2.6.26-1-all-sparc, linux-image-2.6.26-1-openvz-amd64, linux-image-2.6.26-1-ixp4xx, linux-headers-2.6.26-1-parisc64, linux-headers-2.6.26-1-powerpc-smp, linux-headers-2.6.26-1-all-s390, linux-headers-2.6.26-1-5kc-malta, linux-image-2.6.26-1-powerpc64, linux-modules-2.6.26-1-xen-686, linux-headers-2.6.26-1-sb1-bcm91250a, linux-image-2.6.26-1-s390, linux-image-2.6.26-1-4kc-malta, linux-headers-2.6.26-1-686, linux-headers-2.6.26-1-all-mips

**Description**

The issue affects the Linux kernel, allowing local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the `image_type` or `packet_size` file in `/sys/devices/platform/dell_rbu/`. The vulnerability can be exploited remotely. It may lead to a violation of confidentiality, integrity, and availability of protected information.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.