3 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. • https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d https://github.com/kbase/metrics/pull/77 https://vuldb.com/?ctiid.217059 https://vuldb.com/?id.217059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. El plugin de Jenkins Metrics versiones 4.0.2.8 y anteriores, almacena una clave de acceso sin cifrar en su archivo de configuración global en el controlador de Jenkins, donde puede ser visualizado por usuarios con acceso al sistema de archivos del controlador de Jenkins • http://www.openwall.com/lists/oss-security/2022/01/12/6 https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1624 • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. Los scripts de metrics 1.0 halstead y gather_stats permiten a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink attack) sobre ficheros temporales. • http://www.debian.org/security/2003/dsa-279 http://www.securityfocus.com/bid/7293 https://exchange.xforce.ibmcloud.com/vulnerabilities/11734 •