Vulmon
beaker vulnerabilities and exploits
4
CVSSv2
CVE-2022-34208
A missing permission check in Jenkins Beaker builder Plugin 1.10 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Beaker Builder
4.3
CVSSv2
CVE-2022-34207
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Beaker Builder
5.2
CVSSv2
CVE-2013-7489
The Beaker library up to and including 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
Beakerbrowser Beaker
7.5
CVSSv2
CVE-2020-12079
Beaker prior to 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
Beakerbrowser Beaker
7.8
CVSSv2
CVE-2019-16889
Ubiquiti EdgeMAX devices prior to 2.0.3 allow remote malicious users to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cook...
Ui Er-x Firmware
Ui Er-x-sfp Firmware
Ui Ep-r6 Firmware
Ui Erlite-3 Firmware
Ui Erpoe-5 Firmware
Ui Er-8 Firmware
Ui Erpro-8 Firmware
Ui Ep-r8 Firmware
Ui Er-4 Firmware
Ui Er-6p Firmware
Ui Er-12 Firmware
Ui Er-8-xg Firmware
2 Github repositories
2.1
CVSSv2
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and previous versions stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Beaker Builder
4
CVSSv2
CVE-2015-3163
The admin pages for power types and key types in Beaker prior to 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
Redhat Beaker
Redhat Beaker 20.0
3.5
CVSSv2
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker prior to 20.1 does not escape </script> tags in string literals when producing JSON.
Beaker-project Beaker
3.5
CVSSv2
CVE-2015-3162
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
Beaker-project Beaker 20.1
4
CVSSv2
CVE-2015-3160
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker prior to 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file syste...
Beaker-project Beaker