40 matches found
EUVD-2023-2769
Malicious code in bioql PyPI...
EUVD-2023-2710
Malicious code in bioql PyPI...
EUVD-2022-3060
Malicious code in bioql PyPI...
CVE-2021-21647
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission...
The vulnerability of the Jenkins CloudBees CD Plugin, related to errors in processing symbolic links, allows a hacker to delete arbitrary files.
The vulnerability of the Jenkins CloudBees CD Plugin is related to errors in processing symbolic links. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...
GHSA-JX7X-RF3F-J644 Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory...
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
In Jenkins CloudBees CD Plugin, artifacts that were previously copied from an agent to the controller are deleted after publishing by the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory...
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory...
GHSA-9GGW-H9MF-4JH7 Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step. CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
Design/Logic Flaw
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
CVE-2023-46655 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier, which, during the CloudBees CD - Publish Artifact post-build step, follows symbolic links to locations outside the published artifacts directory. This can allow attackers who can configure jobs to publish arbitrary files from ...
CVE-2023-46654
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller...
CVE-2023-46654
CVE-2023-46654 affects Jenkins CloudBees CD Plugin 1.1.32 and earlier. The cleanup step “CloudBees CD - Publish Artifact” follows symbolic links to locations outside the expected directory, enabling an attacker who can configure jobs to delete arbitrary files on the Jenkins controller filesystem....
Jenkins Plugin CloudBees CD Backlinking Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...