32 matches found
Embedded Malicious Code
Overview: com.checkmarx.jenkins:checkmarx-ast-scanner is a plugin that allows the user to scan their source code using the Checkmarx AST platform and provides the results as feedback. Affected versions of this package are vulnerable to Embedded Malicious Code. A version of the Checkmarx Jenkins AST...
EUVD-2023-1880
Malicious code in bioql PyPI...
EUVD-2022-7702
Malicious code in bioql PyPI...
EUVD-2022-1239
Malicious code in bioql PyPI...
CVE-2022-25200
A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx Plugin 2022.1.2 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-46682) - Jenki...
CVE-2023-35142
Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default...
CVE-2023-35142
CVE-2023-35142 affects Jenkins Checkmarx Plugin up to version 2022.4.3, where SSL/TLS certificate validation is disabled by default for connections to the Checkmarx server. The issue, documented in multiple sources (NVD/NASL/Tenable, OSV, CVE lists), has a base CVSSv3.1 score of 8.1 (Network, Hig...
Jenkins Plugin Checkmarx Trust Management Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin Checkmarx ...
PT-2023-3634 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.4.3 and earlier Description: The issue is related to errors in SSL/TLS certificate validation. It may allow a remote attacker to perform a "man-in-the-middle" attack. The plugin disables SSL/TLS validati...
CVE-2022-46684
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability...
Cross site scripting
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability...
PT-2022-27948 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.3.3 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape values returned from the Checkmarx service API before...
Jenkins Checkmarx Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site scripting...
CVE-2022-46684
CVE-2022-46684 affects the Jenkins Checkmarx Plugin, versions 2022.3.3 and earlier. The vulnerability arises because the plugin does not escape values returned from the Checkmarx service API before inserting them into HTML reports, enabling stored cross-site scripting (XSS). Exploitation is tied ...
CSRF vulnerability in Jenkins Checkmarx Plugin allows capturing credentials
Checkmarx Plugin 2022.1.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
CVE-2022-25201
Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...