31 matches found
EUVD-2022-7743
Malicious code in bioql PyPI...
EUVD-2022-6380
Malicious code in bioql PyPI...
EUVD-2022-5207
Malicious code in bioql PyPI...
CVE-2023-41936
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token...
CVE-2022-46683
Jenkins Google Login Plugin 1.4 through 1.6 both inclusive improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2023-41936
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token...
CVE-2023-41936
Summary: CVE-2023-41936 affects Jenkins Google Login Plugin 1.7 and earlier. The vulnerability arises from a non-constant time token comparison function used when verifying the provided versus expected token, enabling attackers to use statistical methods to obtain a valid token. The connected so...
Jenkins plugins Multiple Vulnerabilities (2022-12-07)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. (CVE-2022-46682) - Jenki...
SUSE CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
SUSE CVE-2018-1000174
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login...
SUSE CVE-2018-1000173
A session fixation vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...
Jenkins Google Login Plugin Input Validation Error Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. An input validation error...
CVE-2022-46683
Jenkins Google Login Plugin 1.4 through 1.6 both inclusive improperly determines that a redirect URL after login is legitimately pointing to Jenkins...
CVE-2022-46683
The CVE-2022-46683 issue affects Jenkins Google Login Plugin versions 1.4–1.6 (inclusive). The root cause is an improper check that a post-login redirect URL legitimately points to Jenkins, enabling an open redirect scenario. This could allow phishing-like redirects to attacker-controlled sites b...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
CVE-2015-5298
The CVE-2015-5298 entry concerns the Jenkins Google Login Plugin versions 1.0 and 1.1. The vulnerability arises from client-side request modification that bypasses domain-restriction controls, allowing malicious anonymous users to authenticate against Jenkins instances that should be limited to a...
CVE-2015-5298
The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...
Jenkins Google Login Plugin Open Redirect vulnerability
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Google Login Plugin 1.3.1 only performs redirects to relative URLs...