34 matches found
EUVD-2022-2526
Malicious code in bioql PyPI...
EUVD-2022-1396
Malicious code in bioql PyPI...
EUVD-2022-3165
Malicious code in bioql PyPI...
EUVD-2022-2645
Malicious code in bioql PyPI...
EUVD-2022-7014
Malicious code in bioql PyPI...
EUVD-2022-3143
Malicious code in bioql PyPI...
CVE-2022-36887
A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...
CVE-2022-43413
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-29042
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configu...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28152
A cross-site request forgery CSRF vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job...
CVE-2019-1003017
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...
CVE-2019-1003015
An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to read...
CVE-2019-1003016
An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,...
CVE-2023-41933
CVE-2023-41933 affects Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential XXE exploitation. The provided documents do not specify ex...
CVE-2023-32072 Tuleap vulnerable toXSS via the triggered job URL of a Jenkins job
Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git...
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...
GHSA-W3R4-VX9W-F7P7 Jenkins Job Config History Plugin reflected XSS vulnerability
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access...