Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-4310

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00656EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4780

Malicious code in bioql PyPI...

5.9CVSS5.9AI score0.00497EPSS
Exploits0References4
OSV
OSV
added 2023/08/16 3:15 p.m.6 views

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

5.4CVSS5.6AI score0.0051EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.4 views

SUSE CVE-2017-1000402

Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks...

5.9CVSS5.7AI score0.00497EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:19 p.m.14 views

GHSA-C264-8834-PPJ2 CSRF vulnerability in Jenkins Swarm Plugin

Swarm Plugin adds API endpoints to add or remove agent labels. In Swarm Plugin 3.20 and earlier these only require a global Swarm secret to use, and no regular permission check is performed. This allows users with Agent/Create permission to add or remove labels of any agent. Additionally, these A...

5.4CVSS6.4AI score0.00613EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:19 p.m.24 views

Improper permission checks in Jenkins Swarm Plugin

Swarm Plugin adds API endpoints to add or remove agent labels. In Swarm Plugin 3.20 and earlier these only require a global Swarm secret to use, and no regular permission check is performed. This allows users with Agent/Create permission to add or remove labels of any agent. Swarm Plugin 3.21...

4.3CVSS5AI score0.00656EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/04/30 1:29 p.m.3 views

CVE-2019-10309

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbitrary files from Swarm clients...

9.3CVSS7AI score0.01794EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/04/30 12:0 a.m.6 views

PT-2019-11711 · Jenkins · Jenkins Swamp Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Swarm Plugin affected versions not specified Description: The issue concerns the Jenkins Swarm Plugin, which allows clients to auto-discover Jenkins instances on the same network through a UDP discovery request. The responses to this...

9.3CVSS9AI score0.01794EPSS
Exploits0References7
Prion
Prion
added 2018/01/26 2:29 a.m.32 views

Design/Logic Flaw

Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks...

4.3CVSS5.4AI score0.05844EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2017/11/21 11:23 a.m.40 views

CVE-2017-1000402

Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks...

5.9CVSS3.4AI score0.05844EPSS
Exploits0References2
Rows per page
Query Builder