13 matches found
EUVD-2023-2170
Malicious code in bioql PyPI...
EUVD-2023-2099
Malicious code in bioql PyPI...
CVE-2023-37950
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-37952
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10283
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-M9JJ-P947-M8XV Jenkins mabl Plugin missing permission check
Jenkins mabl Plugin 0.0.46 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...
CVE-2023-37953
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37952
CVE-2023-37952 affects Jenkins mabl Plugin versions 0.0.46 and earlier. The root cause is missing permission checks on several HTTP endpoints, allowing CSRF by attackers who can cause the plugin to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby exposing cre...
CVE-2023-37952
A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
PT-2023-26199 · Jenkins · Jenkins Mabl Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins mabl Plugin versions 0.0.46 and earlier. Description: The issue allows attackers with Item/Configure permission to access and capture credentials they are not entitled to, due to the plugin not setting the appropriate context for...
PT-2023-26201 · Jenkins · Jenkins Mabl Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins mabl Plugin versions 0.0.46 and earlier. Description: A missing permission check in the Jenkins mabl Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs...