Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files

Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These token can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. As of...

EUVD-2022-1914

Malicious code in bioql PyPI...

EUVD-2022-6364

Malicious code in bioql PyPI...

EUVD-2023-2142

Malicious code in bioql PyPI...

EUVD-2023-1934

Malicious code in bioql PyPI...

EUVD-2022-4487

Malicious code in bioql PyPI...

CVE-2022-36908

A cross-site request forgery CSRF vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller file system to an...

CVE-2020-2155

Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...

Input validation

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...