12 matches found
EUVD-2023-0533
Malicious code in bioql PyPI...
CVE-2023-24447
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
CVE-2023-24448
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
GHSA-QGJQ-HRHG-F24H Missing permission check in Jenkins RabbitMQ Consumer Plugin
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
org.jenkins-ci.plugins:rabbitmq-build-trigger (>=1.0 <=2.5) potentially affected by CVE-2023-24448 via org.jenkins-ci.plugins:rabbitmq-consumer (>=1.0 <=2.5)
org.jenkins-ci.plugins:rabbitmq-consumer MAVEN version =1.0, =1.0, =2.5 Source cves: CVE-2023-24448 Source advisory: OSV:GHSA-QGJQ-HRHG-F24H...
org.jenkins-ci.plugins:rabbitmq-build-trigger (>=1.0 <=2.5) potentially affected by CVE-2023-24447 via org.jenkins-ci.plugins:rabbitmq-consumer (>=1.0 <=2.5)
org.jenkins-ci.plugins:rabbitmq-consumer MAVEN version =1.0, =1.0, =2.5 Source cves: CVE-2023-24447 Source advisory: OSV:GHSA-WJ79-9FXJ-J86P...
CVE-2023-24447
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
CVE-2023-24447
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
CVE-2023-24448
CVE-2023-24448 affects the Jenkins RabbitMQ Consumer Plugin, versions 2.8 and earlier. The root cause is a missing permission check in a form-validation path, which allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified credentials. ...
CVE-2023-24448
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQPS URL using attacker-specified username and password...
PT-2023-19607 · Jenkins · Jenkins Rabbitmq Consumer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RabbitMQ Consumer Plugin versions 2.8 and earlier Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified AMQPS URL using an attacker-specified username and password. Recommendations: For...
CVE-2023-24447
CVE-2023-24447 describes a CSRF vulnerability in Jenkins RabbitMQ Consumer Plugin (versions 2.8 and earlier) that allows an attacker to trigger the Jenkins controller to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password. The issue is triggered via form-va...