MidnightBSD

Advisories for inedo

CVE-2017-14944 MEDIUM

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
inedo proget *
CVE-2017-15607 HIGH

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
inedo otter *
CVE-2017-15608 MEDIUM

Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
inedo proget *
CVE-2017-16520 MEDIUM

Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
inedo buildmaster *
CVE-2017-16521 HIGH

In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
inedo buildmaster *
CVE-2017-16760 MEDIUM

Inedo BuildMaster before 5.8.2 has XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
inedo buildmaster *
CVE-2017-16761 MEDIUM

An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
inedo buildmaster *
CVE-2017-17086 HIGH

Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
inedo otter *