Vulnerabilities > Oracle > Communications Cloud Native Core Automated Test Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-20612 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20613 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-352
4.3
2022-01-12 CVE-2022-20614 Missing Authorization vulnerability in multiple products
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.
network
low complexity
jenkins oracle CWE-862
4.3
2022-01-12 CVE-2022-20615 Cross-site Scripting vulnerability in multiple products
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
network
low complexity
jenkins oracle CWE-79
5.4
2021-08-23 CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. 6.3
2021-07-26 CVE-2021-22144 Uncontrolled Recursion vulnerability in multiple products
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser.
network
low complexity
elastic oracle CWE-674
6.5
2021-07-21 CVE-2021-22145 Information Exposure Through an Error Message vulnerability in multiple products
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting.
network
low complexity
elastic oracle CWE-209
6.5
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
2021-03-08 CVE-2021-22134 Incorrect Authorization vulnerability in multiple products
A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used.
network
low complexity
elastic oracle CWE-863
4.3