16 matches found
EUVD-2022-7114
Malicious code in bioql PyPI...
EUVD-2022-5423
Malicious code in bioql PyPI...
EUVD-2022-5714
Malicious code in bioql PyPI...
EUVD-2022-2520
Malicious code in bioql PyPI...
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Mercurial Plugin provides a webhook endpoint at /mercurial/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. This endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. It can be accessed with GET...
Design/Logic Flaw
Jenkins Mercurial Plugin 1251.vab121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access...
Jenkins Plugin Mercurial 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-26895 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 1251.va b 121f184902 and earlier Description: The Mercurial Plugin provides a webhook endpoint at "/mercurial/notifyCommit" that can be used to notify Jenkins of changes to an SCM repository. This endpoint...
CVE-2022-43410
Jenkins Mercurial Plugin 1251.vab121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access...
XXE vulnerability in Jenkins Mercurial Plugin
Jenkins Mercurial Plugin prior to 2.12, 2.10.1, 2.9.1, and 2.8.1 does not configure its XML changelog parser to prevent XML external entity XXE attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction...
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...
PT-2022-20402 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.16 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enabl...
CVE-2020-2306
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations...
PT-2020-15536 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.11 and earlier Jenkins Mercurial Plugin versions prior to 2.12 Description: A missing permission check in the Jenkins Mercurial Plugin allows attackers with Overall/Read permission to obtain a list of names...
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000112
An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users...