7 matches found
EUVD-2022-4002
Malicious code in bioql PyPI...
EUVD-2022-3572
Malicious code in bioql PyPI...
CVE-2019-1003097
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11387 · Jenkins · Jenkins Crowd Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Crowd Integration Plugin (affected versions not specified). Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...
CloudBees Jenkins Crowd 2 Integration Plugin Server Request Forgery Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks. Crowd 2 Integration Plugin is an authentication plugin used in it. A...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...