Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2526

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01023EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1396

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00583EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3165

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00524EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-2645

Malicious code in bioql PyPI...

9.9CVSS9AI score0.02962EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-7014

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00537EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3143

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.01825EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.10 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS6.8AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:55 p.m.6 views

CVE-2022-43413

Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:42 p.m.7 views

CVE-2022-29042

Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configu...

5.4CVSS5.4AI score0.00798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.8 views

CVE-2022-28151

A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...

4.3CVSS6.5AI score0.00714EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.8 views

CVE-2022-28149

Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.4AI score0.00792EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:40 p.m.10 views

CVE-2022-28152

A cross-site request forgery CSRF vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...

4.3CVSS6.7AI score0.00583EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.18 views

CVE-2019-1003017

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

5.3CVSS6.5AI score0.00524EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.18 views

CVE-2019-1003015

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to read...

9.1CVSS6.7AI score0.01825EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:12 a.m.9 views

CVE-2019-1003016

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,...

8.8CVSS6AI score0.01023EPSS
Exploits0References1
CVE
CVE
added 2023/09/06 12:8 p.m.131 views

CVE-2023-41933

CVE-2023-41933 affects Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential XXE exploitation. The provided documents do not specify ex...

8.8CVSS8.6AI score0.0075EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/29 8:0 p.m.7 views

CVE-2023-32072 Tuleap vulnerable toXSS via the triggered job URL of a Jenkins job

Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git...

4.8CVSS5.2AI score0.00473EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:15 p.m.3 views

CVE-2022-38664

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS5.6AI score0.0059EPSS
Exploits0References3
OSV
OSV
added 2022/08/23 5:15 p.m.1 views

CVE-2022-38664

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS5.7AI score0.0059EPSS
Exploits0References2
OSV
OSV
added 2022/05/14 12:53 a.m.10 views

GHSA-W3R4-VX9W-F7P7 Jenkins Job Config History Plugin reflected XSS vulnerability

A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access...

6.1CVSS5.9AI score0.00842EPSS
Exploits0References5
Rows per page
Query Builder