Vulmon
beaker vulnerabilities and exploits
383
VMScore
CVE-2022-34207
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and previous versions allows malicious users to connect to an attacker-specified URL.
Jenkins Beaker Builder
356
VMScore
CVE-2022-34208
A missing permission check in Jenkins Beaker builder Plugin 1.10 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Jenkins Beaker Builder
463
VMScore
CVE-2013-7489
The Beaker library up to and including 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
Beakerbrowser Beaker
668
VMScore
CVE-2020-12079
Beaker prior to 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
Beakerbrowser Beaker
695
VMScore
CVE-2019-16889
Ubiquiti EdgeMAX devices prior to 2.0.3 allow remote malicious users to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cook...
Ui Er-x Firmware
Ui Er-x-sfp Firmware
Ui Ep-r6 Firmware
Ui Erlite-3 Firmware
Ui Erpoe-5 Firmware
Ui Er-8 Firmware
Ui Erpro-8 Firmware
Ui Ep-r8 Firmware
Ui Er-4 Firmware
Ui Er-6p Firmware
Ui Er-12 Firmware
Ui Er-8-xg Firmware
2 Github repositories
187
VMScore
CVE-2019-10398
Jenkins Beaker Builder Plugin 1.9 and previous versions stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Beaker Builder
356
VMScore
CVE-2015-3160
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker prior to 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file syste...
Beaker-project Beaker
312
VMScore
CVE-2015-3162
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
Beaker-project Beaker 20.1
312
VMScore
CVE-2015-3161
The search bar code in bkr/server/widgets.py in Beaker prior to 20.1 does not escape </script> tags in string literals when producing JSON.
Beaker-project Beaker
356
VMScore
CVE-2015-3163
The admin pages for power types and key types in Beaker prior to 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
Redhat Beaker
Redhat Beaker 20.0