17 matches found
EUVD-2023-1184
Malicious code in bioql PyPI...
EUVD-2023-1224
Malicious code in bioql PyPI...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
CVE-2023-28676
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE)...
The vulnerability of the Convert To Pipeline plugin, related to the manipulation of cross-site requests, allows a hacker to execute arbitrary code.
The vulnerability of the Convert To Pipeline plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page, from a remote location...
The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Freestyle Project Configuration Handler component of the Convert To Pipeline Plugin is related to improper code generation management. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility ...
GHSA-7C44-M589-36W7 Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
GHSA-48G9-H7G5-8PW2 Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
Jenkins Convert To Pipeline Plugin vulnerable to command injection
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations. This allows attackers able to configure Freestyle projects to prepare a crafted...
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Convert To Pipeline Plugin 1.0 and earlier does not require POST requests for the HTTP endpoint converting a Freestyle project to Pipeline, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to create a Pipeline based on a Freestyle project. Combined...
CVE-2023-28677
Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...
CVE-2023-28676
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE)...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE)...
CVE-2023-28677
The CVE-2023-28677 entry concerns the Jenkins Convert To Pipeline Plugin (1.0 and earlier). The vulnerability arises from using basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions into Pipeline invocations, enabling an attacker who can ...
CVE-2023-28676
CVE-2023-28676 describes a cross-site request forgery (CSRF) vulnerability in the Jenkins Convert To Pipeline Plugin, version 1.0 and earlier. The flaw allows an attacker to create a Pipeline based on a Freestyle project, which can potentially lead to remote code execution (RCE). Public reference...
Jenkins Plugins Convert To Pipeline command injection vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-2190 · Jenkins · Jenkins Convert To Pipeline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Convert To Pipeline Plugin versions 1.0 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). The...