15 matches found
EUVD-2022-7050
Malicious code in bioql PyPI...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
GHSA-7RRJ-HQV6-FVPP Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43435
The CVE-2022-43435 entry concerns Jenkins 360 FireLine Plugin: versions 1.7.2 and earlier programmatically disable Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, and other downloadable content. The underlying issue is that the CSP header is disabl...
Jenkins 360 FireLine Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...
GHSA-346G-JRX9-JGF4 Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...
CVE-2019-10466
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...
CVE-2019-10466
CVE-2019-10466 is an XXE vulnerability in the Jenkins 360 FireLine Plugin. The issue arises when an attacker with Overall/Read access can cause Jenkins to resolve external entities, enabling extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service. Public re...
CVE-2019-10466
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...
PT-2019-11860 · Jenkins · Jenkins 360 Fireline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins 360 FireLine Plugin (affected versions not specified). Description: The issue is related to an XML external entities (XXE) vulnerability, which allows attackers with Overall/Read access to have Jenkins resolve external entities. This can...