13 matches found
EUVD-2022-6410
Malicious code in bioql PyPI...
EUVD-2022-6358
Malicious code in bioql PyPI...
EUVD-2022-6355
Malicious code in bioql PyPI...
CVE-2022-34792
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34794
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML...
Missing Authorization in Jenkins Recipe Plugin
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin allows users to export the full configuration of jobs as part of a recipe,...
GHSA-J33R-CGM6-PV48 Missing Authorization in Jenkins Recipe Plugin
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin allows users to export the full configuration of jobs as part of a recipe,...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34792
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34792
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...
PT-2022-22345 · Jenkins · Jenkins Recipe Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Recipe Plugin versions 1.2 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity (XXE) attacks. This allows for potential exploitation. Recommendations: For...