OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the HTTP body, containing the email subject and message, being present in the trace request URL metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 calls to SES's v1 SendEmail API is affected. The e-mail content sent to SES may end up in the telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.

Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.

CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game.

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.

A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.

A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.

** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (i.e., an AWS instance) it could be abused to get remote code execution on the victim machine.