54 matches found
EUVD-2022-3788
Malicious code in bioql PyPI...
CVE-2020-2202
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2019-1003047
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003046
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server...
Missing permission checks in Jenkins Fortify on Demand Plugin
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This form validation method requires appropriate permission in...
GHSA-FHMF-XF2Q-4M8P Missing permission checks in Jenkins Fortify on Demand Plugin
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This form validation method requires appropriate permission in...
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Fortify on Demand Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions in Fortify on Demand Plugin 6.0.0 and earlier, allowing any user with Overall/Read permission to get a lis...
CSRF vulnerability in Jenkins Fortify on Demand Plugin
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This form validation method requires appropriate permission in Fortify on...
GHSA-P364-XFP2-F9RR CSRF vulnerability in Jenkins Fortify on Demand Plugin
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This form validation method requires appropriate permission in Fortify on...
GHSA-FPH2-FWJQ-PRJF Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Fortify on Demand Plugin provides a list of applicable credentials IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions in Fortify on Demand Plugin 6.0.0 and earlier, allowing any user with Overall/Read permission to get a lis...
Jenkins Fortify on Demand Plugin stores credentials in plain text
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system...
GHSA-HHHH-69QP-5P2V Jenkins Fortify on Demand Plugin stores credentials in plain text
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system...
GHSA-7JCX-J6GV-M4HF Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server...
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CloudBees Jenkins Fortify on Demand Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Fortify on Demand Plugin is used in one of the support for uploading code...
CloudBees Jenkins Fortify on Demand Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Fortify on Demand Plugin is used in one of the support for uploading code...
CloudBees Jenkins Fortify on Demand Plugin Authorization Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Fortify on Demand Plugin is used in one of the support for uploading code...
CVE-2020-2203
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...
CVE-2020-2204
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs...
CVE-2020-2202
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...