EUVD-2022-5883

Malicious code in bioql PyPI...

CVE-2022-34200

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

GHSA-C8MF-MC3F-2WVC Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Missing permission check in Jenkins Convertigo Mobile Platform Plugin

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

Jenkins Convertigo Mobile Platform Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Convertigo Mobile Platform Plug...

CVE-2022-34201

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL...

Information disclosure

A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2022-34201

The connected documents confirm CVE-2022-34201 affects Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier, caused by a missing permission check in a form-validation method, enabling attackers with Overall/Read to connect to an attacker-specified URL (CSRF risk noted). As of publication, th...

CVE-2022-34200

The CVE-2022-34200 issue affects Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier. It is a CSRF vulnerability in a form-validation method that allows an attacker with Overall/Read permission to connect to an attacker-specified URL, and the vulnerability can be triggered without POST cons...

CVE-2022-34199

CVE-2022-34199 concerns the Jenkins Convertigo Mobile Platform Plugin (version 1.1 and earlier). The vulnerability arises because passwords are stored unencrypted in the plugin’s configuration files (job config.xml) on the Jenkins controller, making them viewable by users with Extended Read permi...

PT-2022-22068 · Jenkins · Jenkins Convertigo Mobile Platform Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. This can be viewed by users with Extended Read permission o...

Jenkins Plugin Convertigo Mobile Platform 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to perform permission checks in the...

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVE-2022-25210

CVE-2022-25210 affects the Jenkins Convertigo Mobile Platform Plugin up to version 1.1. The vulnerability arises from using static fields to store job configuration information, enabling attackers with Item/Configure permission to capture passwords for jobs that will be configured. This is descri...

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

PT-2022-17149 · Jenkins · Jenkins Convertigo Mobile Platform Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier Description: The issue allows attackers with Item/Configure permission to capture passwords of jobs that will be configured, due to the use of static fields to store job...