204 matches found
CVE-2026-57283
A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...
CVE-2026-57283
CVE-2026-57283 affects Jenkins Pipeline: Groovy Plugin (versions including 4331.v9d06ed4658ff and earlier). The vulnerability is a cross-site request forgery (CSRF) in the Pipeline Snippet Generator that lets an attacker instantiate types related to job or system configuration beyond Pipeline ste...
CVE-2026-48921
A flaw was found in the Jenkins Pipeline: Groovy Libraries Plugin. This vulnerability allows an attacker, who can control the content of a library used by a Pipeline job, to read arbitrary files from the Jenkins controller filesystem. This could lead to the disclosure of sensitive information...
CVE-2026-48921
Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...
CVE-2026-48921
Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...
RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
Exploit for Cross-Site Request Forgery (CSRF) in Jenkins Convert_To_Pipeline
PoC для CVE‑2023‑28676 — Command Injection Автор: Холост...
CVE-2025-68925
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...
CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...
PT-2026-2495
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...
CVE-2019-16564
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names...
EUVD-2022-5503
Malicious code in bioql PyPI...
EUVD-2022-1141
Malicious code in bioql PyPI...
EUVD-2022-1332
Malicious code in bioql PyPI...
EUVD-2022-7015
Malicious code in bioql PyPI...
EUVD-2022-1006
Malicious code in bioql PyPI...
EUVD-2022-4342
Malicious code in bioql PyPI...
EUVD-2022-1130
Malicious code in bioql PyPI...
EUVD-2023-1394
Malicious code in bioql PyPI...