11 matches found
EUVD-2022-3903
Malicious code in bioql PyPI...
GHSA-G6H2-4X64-C59X Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
The vulnerability of the Jenkins Token Macro plugin relates to incorrect restrictions on XML links to external objects. This allows attackers to forge requests on the server side or trigger service failures.
The vulnerability of the Jenkins Token Macro plugin is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to forge requests on the server side or cause service failures...
XML External Entity (XXE)
Jenkins Token Macro Plugin is vulnerable to XML external entity attacks. A remote, unauthenticated attacker could control the content of the input file for the "XML" macro to have Jenkins resolve external entities and exploit the flawed XML Data Handler component, resulting in the extraction of...
jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
CVE-2019-10337
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
Server-side request forgery (SSRF)
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
CVE-2019-10337
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
CVE-2019-1003011
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java,...
CVE-2019-1003011
CVE-2019-1003011 affects Jenkins Token Macro Plugin 2.5 and earlier. Affected code paths in Parser.java, TokenMacro.java, AbstractChangesSinceMacro.java, ChangesSinceLastBuildMacro.java, and ProjectUrlMacro allow an attacker who can influence token macro input (e.g., SCM changelogs) to craft recu...
CVE-2019-1003011
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java,...