RedPacket Security - InfoSec News & Tutorials

Jenkins Azure VM Agents Plugin security bypass | CVE-2023-32990

May 17, 2023

NAME__________Jenkins Azure VM Agents Plugin security bypassPlatforms Affected:Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins Azure VM Agents Plugin...

Jenkins Pipeline Utility Steps Plugin directory traversal | CVE-2023-32981

May 17, 2023

NAME__________Jenkins Pipeline Utility Steps Plugin directory traversalPlatforms Affected:Jenkins Pipeline Utility Steps Plugin 2.15.2Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Pipeline Utility Steps Plugin...

Jenkins AppSpider Plugin security bypass | CVE-2023-32999

May 17, 2023

NAME__________Jenkins AppSpider Plugin security bypassPlatforms Affected:Jenkins AppSpider Plugin 1.0.15Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins AppSpider Plugin could allow a remote authenticated attacker...

Jenkins HashiCorp Vault Plugin information disclosure | CVE-2023-33001

May 17, 2023

NAME__________Jenkins HashiCorp Vault Plugin information disclosurePlatforms Affected:Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807dRisk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins HashiCorp Vault Plugin could allow a...

Jenkins Ansible Plugin information disclosure | CVE-2023-32983

May 17, 2023

NAME__________Jenkins Ansible Plugin information disclosurePlatforms Affected:Jenkins Ansible Plugin 204.v8191fd551eb_fRisk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Ansible Plugin could allow a remote authenticated attacker...

Jenkins WSO2 Oauth Plugin cross-site request forgery | CVE-2023-33006

May 17, 2023

NAME__________Jenkins WSO2 Oauth Plugin cross-site request forgeryPlatforms Affected:Jenkins WSO2 Oauth Plugin 1.0Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins WSO2 Oauth Plugin is vulnerable...

Jenkins SAML Single Sign On(SSO) Plugin security bypass | CVE-2023-32996

May 17, 2023

NAME__________Jenkins SAML Single Sign On(SSO) Plugin security bypassPlatforms Affected:Jenkins SAML Single Sign On(SSO) Plugin 2.0.0Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Jenkins SAML Single...

Collaboraonline cross-site scripting | CVE-2023-31145

May 17, 2023

NAME__________Collaboraonline cross-site scriptingPlatforms Affected:Risk Level:4.3Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Collaboraonline is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...

Jenkins Email Extension Plugin information disclosure | CVE-2023-32979

May 17, 2023

NAME__________Jenkins Email Extension Plugin information disclosurePlatforms Affected:Jenkins Email Extension Plugin 2.96Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Email Extension Plugin could allow a...

Jenkins Azure VM Agents Plugin information disclosure | CVE-2023-32988

May 17, 2023

NAME__________Jenkins Azure VM Agents Plugin information disclosurePlatforms Affected:Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Jenkins Azure VM Agents Plugin...

Jenkins Email Extension Plugin cross-site request forgery | CVE-2023-32980

May 17, 2023

NAME__________Jenkins Email Extension Plugin cross-site request forgeryPlatforms Affected:Jenkins Email Extension Plugin 2.96Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Email Extension Plugin is vulnerable...

Jenkins Code Dx Plugin information disclosure | CVE-2023-2196

May 17, 2023

NAME__________Jenkins Code Dx Plugin information disclosurePlatforms Affected:Jenkins Code Dx Plugin 3.1.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins Code Dx Plugin could allow a...

Jenkins LDAP Plugin cross-site request forgery | CVE-2023-32978

May 17, 2023

NAME__________Jenkins LDAP Plugin cross-site request forgeryPlatforms Affected:Jenkins LDAP Plugin 673.v034ec70ec2b_b_Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Jenkins LDAP Plugin is vulnerable to cross-site request...

0dd22357571c44f6527c1155a1fa4a5022888926493de08a328324b0d10d0f72

U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator

May 17, 2023

A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against...

Parental control app with 5 million downloads vulnerable to attacks

May 17, 2023

Image: Gaelle Marcel Kiddowares 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers...

Open-source Cobalt Strike port ‘Geacon’ used in macOS attacks

May 17, 2023

Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is being used more and more...

New ZIP domains spark debate among cybersecurity experts

May 17, 2023

Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors...

Hackers use Azure Serial Console for stealthy access to VMs

May 17, 2023

A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure...

Hackers infect TP-Link router firmware to attack EU entities

May 17, 2023

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to...

Russian ransomware affiliate charged with attacks on critical infrastructure

May 17, 2023

The U.S. Justice Department has filed charges against a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x,...

Ransomware Prevention – Are Meeting Password Security Requirements Enough

May 17, 2023

As ransomware attacks continue to wreak havoc on organizations worldwide, many official standards and regulations have been established to address...

CISA: CISA Releases Two Industrial Control Systems Advisories

May 17, 2023

CISA Releases Two Industrial Control Systems Advisories CISA released two Industrial Control Systems (ICS) advisories on May 9, 2023. These...

CISA: Mozilla Releases Security Advisories for Multiple Products

May 17, 2023

Mozilla Releases Security Advisories for Multiple Products Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox and Firefox...

CISA: Microsoft Releases May 2023 Security Updates

May 17, 2023

Microsoft Releases May 2023 Security Updates Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can...

Main Story

Insider Threat Management Unlocked: A Practical Guide for 2025

Editor’s Picks

Trending Story

Featured Story

You may have missed