beaker vulnerabilities and exploits
CVSSv2: 4
CVE-2015-3160
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker prior to 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file syste...
Beaker-project Beaker
CVSSv2: 3.5
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker prior to 20.1 does not escape </script> tags in string literals when producing JSON.
Beaker-project Beaker
CVSSv2: 3.5
CVE-2015-3162
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
Beaker-project Beaker 20.1
CVSSv2: 4
CVE-2015-3163
The admin pages for power types and key types in Beaker prior to 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
Redhat Beaker
Redhat Beaker 20.0
CVSSv2: 4.3
CVE-2012-3458
Beaker prior to 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote malicious users to obtain portions of sensitive session data via unspecified vectors.
Python Beaker
CVSSv2: 7.5
CVE-2020-12079
Beaker prior to 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
Beakerbrowser Beaker
CVSSv2: 5.2
CVE-2013-7489
The Beaker library up to and including 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
Beakerbrowser Beaker
CVSSv2: 4.3
CVE-2022-34207
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Beaker Builder
CVSSv2: 4
CVE-2022-34208
A missing permission check in Jenkins Beaker builder Plugin 1.10 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Beaker Builder
CVSSv2: 2.1
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and previous versions stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Beaker Builder