CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

Path Traversal

Jenkins Redpen – Pipeline Reporter for Jira Plugin is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation of the workspace directory during artifact upload, where the plugin fails to enforce proper directory constraints, allowing attackers with Item/Configure...

CVE-2025-9571

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the workspace directory path during artifact upload. An attacker can access arbitrary files from the Jenkins controller workspace directory by supplying crafted paths. Details A Directory...

Jenkins Redpen - Pipeline Reporter for Jira Plugin has a path traversal vulnerability

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

Jenkins Redpen - Pipeline Reporter for Jira Plugin 1.054.v7b9517b6b202 and earlier does not correctly perform path validation of the workspace directory while uploading artifacts to Jira, allowing attackers with Item/Configure permission to retrieve files present on the Jenkins controller workspa...

CVE-2025-67643

CVE-2025-67643 affects Jenkins Redpen - Pipeline Reporter for Jira Plugin (versions 1.054.v7b_9517b_6b_202 and earlier). The vulnerability is a path traversal flaw: improper validation of the workspace directory path during artifact uploads to Jira, enabling attackers with Item/Configure permissi...

CVE-2025-9571

CVE-2025-9571 is a remote code execution vulnerability in Google Cloud Data Fusion. An attacker with permission to upload artifacts to a Data Fusion instance can execute arbitrary code in the core AppFabric component, potentially gaining control of the Data Fusion instance and leading to unauthor...

CVE-2025-9571 Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

CVE-2025-9571 Arbitrary Code Execution in Google Cloud Data Fusion via Malicious Artifact Upload

A remote code execution RCE vulnerability exists in Google Cloud Data Fusion. A user with permissions to upload artifacts to a Data Fusion instance can execute arbitrary code within the core AppFabric component. This could allow the attacker to gain control over the Data Fusion instance,...

PT-2025-50361

Name of the Vulnerable Software and Affected Versions Jenkins Redpen - Pipeline Reporter for Jira Plugin versions 1.054.v7b 9517b 6b 202 and earlier Description The Jenkins Redpen - Pipeline Reporter for Jira Plugin does not properly validate file paths within the workspace directory during...

EUVD-2017-16487

Malware in sbrugna...

EUVD-2025-14690

Malicious code in bioql PyPI...

CVE-2025-46820

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

CVE-2025-32958

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

CVE-2025-32958

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...