23 matches found
EUVD-2022-6898
Malicious code in bioql PyPI...
CVE-2022-41232
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
CVE-2022-41230
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
CVE-2022-41231
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
Code injection
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
Design/Logic Flaw
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint...
CVE-2022-41232
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
CVE-2022-41232
CVE-2022-41232 is a cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin (versions 1.22 and earlier). The issue allows an attacker to replace any config.xml file on the Jenkins controller filesystem with an empty file by supplying a crafted file name to an API endpoin...
CVE-2022-41232
A cross-site request forgery CSRF vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
CVE-2022-41231
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint...
CVE-2022-41230
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
CVE-2022-41231
CVE-2022-41231 : Jenkins Build-Publisher Plugin
CVE-2022-41230
CVE-2022-41230 affects Jenkins Build-Publisher Plugin 1.22 and earlier. The root cause is a missing permission check in an HTTP endpoint, enabling attackers with Overall/Read permission to enumerate sensitive data: names and URLs of Jenkins servers configured for publishing, plus builds pending f...
PT-2022-25748 · Jenkins · Jenkins Build-Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build-Publisher Plugin versions 1.22 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a...
PT-2022-25746 · Jenkins · Jenkins Build-Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build-Publisher Plugin versions 1.22 and earlier Description: The issue is related to a missing permission check in an HTTP endpoint, which allows attackers with Overall/Read permission to obtain the names and URLs of Jenkins servers...
Jenkins Build-Publisher Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...
PT-2022-25747 · Jenkins · Jenkins Build-Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build-Publisher Plugin versions 1.22 and earlier Description: The issue allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to...
Jenkins Build-Publisher Plugin 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A path traversal...
Jenkins Build-Publisher Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...