Lucene search
K

204 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.8 views

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

6.5CVSS5.7AI score0.00158EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 1:20 p.m.26 views

CVE-2026-57283

CVE-2026-57283 affects Jenkins Pipeline: Groovy Plugin (versions including 4331.v9d06ed4658ff and earlier). The vulnerability is a cross-site request forgery (CSRF) in the Pipeline Snippet Generator that lets an attacker instantiate types related to job or system configuration beyond Pipeline ste...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-48921

A flaw was found in the Jenkins Pipeline: Groovy Libraries Plugin. This vulnerability allows an attacker, who can control the content of a library used by a Pipeline job, to read arbitrary files from the Jenkins controller filesystem. This could lead to the disclosure of sensitive information...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 2:13 p.m.41 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:13 p.m.13 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

5.9AI score0.00301EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...

8.8CVSS6.2AI score0.01428EPSS
Exploits0References16
GithubExploit
GithubExploit
added 2026/02/25 7:17 p.m.152 views

Exploit for Cross-Site Request Forgery (CSRF) in Jenkins Convert_To_Pipeline

PoC для CVE‑2023‑28676 — Command Injection Автор: Холост...

8.8CVSS5.5AI score0.0064EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/14 8:22 p.m.7 views

CVE-2025-68925

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

6.9CVSS7.1AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/01/13 7:30 p.m.6 views

CVE-2025-68925 Jervis has a JWT Algorithm Confusion Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2...

6.9CVSS7AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/01/13 7:16 p.m.9 views

CVE-2025-68698 Jervis has an RSA PKCS#1 v1.5 Padding Vulnerability

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.11 views

PT-2026-2495

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft32, '0' when it should use padLeft64, '0' because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability is fixed in 2.2...

8.7CVSS6.8AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.7 views

CVE-2019-16564

Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names...

5.4CVSS5.7AI score0.00688EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5503

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.02034EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1141

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01715EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1332

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01376EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-7015

Malicious code in bioql PyPI...

9.9CVSS8.9AI score0.01161EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-1006

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01421EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4342

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00688EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1130

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.01382EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1394

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00456EPSS
Exploits0References3
Rows per page
Query Builder