62 matches found
EUVD-2022-3214
Malicious code in bioql PyPI...
EUVD-2022-2426
Malicious code in bioql PyPI...
EUVD-2022-5841
Malicious code in bioql PyPI...
EUVD-2022-3637
Malicious code in bioql PyPI...
EUVD-2022-4033
Malicious code in bioql PyPI...
EUVD-2022-2208
Malicious code in bioql PyPI...
EUVD-2022-4610
Malicious code in bioql PyPI...
CVE-2020-2164
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2165
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
CVE-2019-10324
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for...
CVE-2019-10322
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10321
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...
CVE-2019-10323
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
com.lookout.jenkins:environment-script (=1.2.5), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +1 more potentially affected by CVE-2023-41938 via org.jenkins-ci.plugins:ivy (>=1.17 <=1.26)
org.jenkins-ci.plugins:ivy MAVEN version =1.17, =2.12.0, =0.6, =0.8 Source cves: CVE-2023-41938 Source advisory: OSV:GHSA-63VW-RPRV-4F8J...
org.jenkins-ci.main:jenkins-test-harness-tools (=2.2), org.jenkins-ci.plugins:artifactory (>=2.12.0 <=2.12.1) +2 more potentially affected by CVE-2023-39152 via org.jenkins-ci.plugins:gradle (>=1.15 <=2.19.1244.v1f9866817fec)
org.jenkins-ci.plugins:gradle MAVEN version =1.15, =2.12.0, =0.8.0, =0.20.0 Source cves: CVE-2023-39152 Source advisory: OSV:GHSA-PVJF-4HFG-WR84...
Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for...
GHSA-MQJ3-FC39-73FJ Cross-site request forgery vulnerability in Jenkins Artifactory Plugin
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for...
Jenkins Artifactory Plugin cross-site request forgery vulnerability
Jenkins Artifactory Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
GHSA-3M8W-442M-3P2Q Jenkins Artifactory Plugin missing permission check
Jenkins Artifactory Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used...
Jenkins Artifactory Plugin missing permission check
Jenkins Artifactory Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...