2 results (0.004 seconds)

CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 0

SaltStack RSA Key Generation allows remote users to decrypt communications SaltStack RSA Key Generation, permite a usuarios remotos descifrar las comunicaciones. • http://www.openwall.com/lists/oss-security/2013/07/01/1 http://www.securityfocus.com/bid/60868 http://www.securitytracker.com/id/1028717 https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2228 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2228 https://exchange.xforce.ibmcloud.com/vulnerabilities/85372 https://security-tracker.debian.org/tracker/CVE-2013-2228 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. Existe una vulnerabilidad de exposición de información sensible en el plugin SaltStack en Jenkins en versiones 3.1.6 y anteriores en SaltAPIBuilder.java y SaltAPIStep.java que permite que los atacantes capturen credenciales con un ID de credenciales conocido almacenado en Jenkins. • https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009 • CWE-352: Cross-Site Request Forgery (CSRF) •