15 matches found
EUVD-2022-7050
Malicious code in bioql PyPI...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
GHSA-7RRJ-HQV6-FVPP Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
Jenkins sets the Content-Security-Policy header to static files served by Jenkins (specifically DirectoryBrowserSupport), such as workspaces, /userContent, or archived artifacts, unless a Resource Root URL is specified. 360 FireLine Plugin 1.7.2 and earlier globally disables the...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43435
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Jenkins 360 FireLine Plugin security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-43435
The CVE-2022-43435 entry concerns Jenkins 360 FireLine Plugin: versions 1.7.2 and earlier that programmatically disable Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, and other downloadable content. The underlying issue is the CSP header is disabl...
GHSA-346G-JRX9-JGF4 Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...
Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...
CVE-2019-10466
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...
CVE-2019-10466
An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...
CVE-2019-10466
CVE-2019-10466 is an XXE vulnerability in the Jenkins 360 FireLine Plugin. The issue arises when an attacker with Overall/Read access can cause Jenkins to resolve external entities, enabling extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service. Public re...
PT-2019-11860 · Jenkins · Jenkins 360 Fireline Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins 360 FireLine Plugin (affected versions not specified). Description: The issue is related to an XML external entities (XXE) vulnerability, which allows attackers with Overall/Read access to have Jenkins resolve external entities. This can...