24 matches found
EUVD-2022-2703
Malicious code in bioql PyPI...
EUVD-2022-3931
Malicious code in bioql PyPI...
CVE-2022-29037
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-G9HG-X9C9-7XGR XXE vulnerability in Jenkins CVS Plugin
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...
XXE vulnerability in Jenkins CVS Plugin
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins controller...
GHSA-63MW-HP3H-GC77 CSRF vulnerability in Jenkins CVS Plugin
CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...
CSRF vulnerability in Jenkins CVS Plugin
CVS Plugin 2.15 and earlier does not require POST requests in several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. This allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. CVS Plugin 2.16 now requires POST requests for the...
Stored XSS in Jenkins CVS Plugin
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-GHQ2-M3PQ-QF3P Stored XSS in Jenkins CVS Plugin
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross-site scripting
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29037
CVE-2022-29037 affects Jenkins CVS Plugin, versions 2.19 and earlier. Root cause: the plugin does not escape the name/description of CVS Symbolic Name parameters on parameter-views, causing stored XSS. Exploitation requires Item/Configure permission; no exploitation details or patches are provide...
CVE-2020-2324
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
XXE
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2324
The CVE-2020-2324 issue affects Jenkins CVS Plugin versions 2.16 and earlier. The root cause is that the plugin’s XML parser does not disable XML External Entity (XXE) processing, enabling an attacker who can control an agent process to have Jenkins parse a crafted changelog file that can exfiltr...
PT-2020-15558 · Jenkins · Jenkins Cas Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CVS Plugin versions 2.16 and earlier Description: The issue allows attackers who can control an agent process to have Jenkins parse a crafted changelog file, using external entities for extraction of secrets from the Jenkins controlle...
CVE-2020-2184
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL...