
11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 25 views

EUVD-2022-3903

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.01999
Exploits: 0 | References: 8
OSV
added 2022/05/24 4:47 p.m. | 2 views

GHSA-G6H2-4X64-C59X Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 7.5 | AI score 5.9 | EPSS 0.01999
Exploits: 0 | References: 8
BDU FSTEC
added 2019/07/16 12:0 a.m. | 13 views

The vulnerability of the Jenkins Token Macro plugin relates to incorrect restrictions on XML links to external objects. This allows attackers to forge requests on the server side or trigger service failures.

The vulnerability of the Jenkins Token Macro plugin is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to forge requests on the server side or cause service failures...

CVSS 7.8 | AI score 5.5 | EPSS 0.01999
Exploits: 0 | References: 4 | Affected Software: 2
Veracode
added 2019/07/08 12:7 a.m. | 27 views

XML External Entity (XXE)

Jenkins Token Macro Plugin is vulnerable to XML external entity attacks. A remote, unauthenticated attacker could control the content of the input file for the "XML" macro to have Jenkins resolve external entities and exploit the flawed XML Data Handler component, resulting in the extraction of...

CVSS 7.5 | AI score 7.5 | EPSS 0.01999
Exploits: 0 | References: 6 | Affected Software: 2
RedHat Linux
added 2019/07/03 11:56 a.m. | 8 views

jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 7.5 | AI score 7.4 | EPSS 0.01999
Exploits: 0 | References: 5
NVD
added 2019/06/11 2:29 p.m. | 39 views

CVE-2019-10337

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 7.5 | AI score 7.5 | EPSS 0.01999
Exploits: 0 | References: 5
Prion
added 2019/06/11 2:29 p.m. | 24 views

Server-side request forgery (SSRF)

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 5 | AI score 7.5 | EPSS 0.01999
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2019/06/11 1:15 p.m. | 47 views

CVE-2019-10337

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

AI score 6.9 | EPSS 0.01999
Exploits: 0 | References: 5
NVD
added 2019/02/06 4:29 p.m. | 18 views

CVE-2019-1003011

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java,...

CVSS 8.1 | AI score 7.8 | EPSS 0.02039
Exploits: 0 | References: 3
CVE
added 2019/02/06 4:0 p.m. | 84 views

CVE-2019-1003011

CVE-2019-1003011 affects Jenkins Token Macro Plugin 2.5 and earlier. Affected code paths in Parser.java, TokenMacro.java, AbstractChangesSinceMacro.java, ChangesSinceLastBuildMacro.java, and ProjectUrlMacro allow an attacker who can influence token macro input (e.g., SCM changelogs) to craft recu...

CVSS 8.1 | AI score 7.6 | EPSS 0.02039
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/02/06 4:0 p.m. | 36 views

CVE-2019-1003011

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java,...

AI score 7.8 | EPSS 0.02039
Exploits: 0 | References: 3