8 matches found
EUVD-2022-2866
Malicious code in bioql PyPI...
CVE-2018-1000191
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
Jenkins Black Duck Detect Plugin information exposure vulnerability
Jenkins Black Duck Detect Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credential...
CloudBees Jenkins Black Duck Detect Plugin Information Disclosure Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a set of U.S. CloudBees, Inc. based on Java development of continuous integration tools , the tool is mainly used to monitor the order of repetitive work . Black Duck Detect Plugin is used in one of the plug-ins for the detection of known securit...
CVE-2018-1000191
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2018-1000191
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2018-1000191
The CVE-2018-1000191 issue affects Jenkins Black Duck Detect Plugin (versions 1.4.0 and older). A flaw in DetectPostBuildStepDescriptor.java lets attackers with Overall/Read access connect to an attacker-specified URL using attacker-specified credentials IDs, enabling capture of credentials store...
CVE-2018-1000191
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...