Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Jenkins
Information Disclosure
Team Foundation Server
NVD
CVSS 3.1
3.3
EPSS
0.3%
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Lenovo
Information Disclosure
Thinkpad T490 20Nx Firmware
Thinkpad T490 20Qx Firmware
Thinkpad T490 20Rx Firmware
+7
NVD
CVSS 3.1
2.4
EPSS
0.3%