Cross-Site Scripting (XSS)
Jenkins Gatling is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to bypass of Content-Security-Policy protections when serving Gatling reports, which allows an attacker to inject and execute malicious scripts through modified report content...
EUVD-2025-17299
Malicious code in bioql PyPI...
EUVD-2025-23856
Malicious code in bioql PyPI...
EUVD-2022-4216
Malicious code in bioql PyPI...
EUVD-2025-23855
Malicious code in bioql PyPI...
CVE-2025-51306
In Gatling Enterprise versions below 1.25.0, a user who has logged out can still use their session token to continue using the application without expiration, due to incorrect session management...
CVE-2025-51308
In Gatling Enterprise versions below 1.25.0, a low-privileged user who does not hold the "admin" role could perform REST API calls on read-only endpoints, allowing them to collect some information, due to missing authorization checks...
Gatling Enterprise security vulnerability
Gatling Enterprise is a load testing and performance testing management platform from Gatling France. A security vulnerability exists in Gatling Enterprise versions prior to 1.25.0 that stems from improper session management and could result in session tokens remaining available after logout...
CVE-2025-51308
CVE-2025-51308 affects Gatling Enterprise, versions below 1.25.0. A low-privileged user without the admin role can issue REST API calls to read-only endpoints and collect information due to missing authorization checks. The issue is described as unauthorized access to information via read-only en...
CVE-2025-51306
Gatling Enterprise prior to 1.25.0: logging out does not invalidate the session token due to improper session management, allowing continued access after logout. Impact is partial (low confidentiality/integrity) per provided CVSS; remediation is to upgrade to version 1.25.0 or later. No exploitat...
PT-2025-32180 · Gatling · Gatling Enterprise
Name of the Vulnerable Software and Affected Versions: Gatling Enterprise versions prior to 1.25.0 Description: A user logging out of Gatling Enterprise may still be able to use their session token to continue accessing the application without session expiration. This is due to incorrect session...
Gatling Enterprise security vulnerability
Gatling Enterprise is a load testing and performance testing management platform from Gatling France. A security vulnerability exists in Gatling Enterprise versions prior to 1.25.0 that stems from a lack of authorization checking and could result in a low-privileged user accessing read-only...
PT-2025-32181 · Unknown · Gatling Enterprise
Name of the Vulnerable Software and Affected Versions: Gatling Enterprise versions prior to 1.25.0 Description: Gatling Enterprise is susceptible to an issue where a user with limited privileges, lacking the “admin” role, can execute REST API calls on read-only endpoints. This allows unauthorized...