CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16520
https://notcve.org/view.php?id=CVE-2017-16520
11 Nov 2017 — Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. Las versiones anteriores a la 5.8.2 de Inedo BuildMaster no restringen correctamente la creación de escuchas de eventos RequireManageAllPrivileges. • https://inedo.com/blog/buildmaster-582-released • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16760
https://notcve.org/view.php?id=CVE-2017-16760
10 Nov 2017 — Inedo BuildMaster before 5.8.2 has XSS. Las versiones anteriores a la 5.8.2 de Inedo BuildMaster tienen Cross-Site Scripting (XSS). • https://inedo.com/blog/buildmaster-582-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16761
https://notcve.org/view.php?id=CVE-2017-16761
10 Nov 2017 — An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. Una vulnerabilidad de redirección abierta en Inedo BuildMaster en versiones anteriores a la 5.8.2 permite que atacantes remotos redireccionen usuarios a sitios web arbitrarios. • https://inedo.com/blog/buildmaster-582-released • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16521
https://notcve.org/view.php?id=CVE-2017-16521
10 Nov 2017 — In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. En versiones anteriores a la 5.8.2 de Inedo BuildMaster, se utilizó XslTransform donde se debería haber empleado XslCompiledTransform. • https://gitlab.com/inedo/buildmaster/commit/4f4c737fefe44c3227535946f535fb7ef468d721 •