8 matches found
CVE-2019-16565
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16567
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
EUVD-2022-3546
Malicious code in bioql PyPI...
EUVD-2022-5582
Malicious code in bioql PyPI...
EUVD-2023-1818
Malicious code in bioql PyPI...
CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-3315
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
PT-2023-24190 · Jenkins · Jenkins Team Concert Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Concert Plugin versions 2.4.1 and earlier Description: The issue is related to missing permission checks in the Jenkins Team Concert Plugin, which allows attackers with Overall/Read permission to check for the existence of an...