Skip to main content

Ontrack

3 CVEs product

Monthly

CVE-2022-37164 CRITICAL Act Now

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ontrack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-34192 Maven MEDIUM This Month

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ontrack
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-10306 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Ontrack
NVD
CVSS 3.1
9.9
EPSS
2.4%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ontrack
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Ontrack
NVD
EPSS 2% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Ontrack
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy