22 matches found
EUVD-2023-2668
Malicious code in bioql PyPI...
EUVD-2022-4597
Malicious code in bioql PyPI...
EUVD-2022-4890
Malicious code in bioql PyPI...
EUVD-2022-3017
Malicious code in bioql PyPI...
EUVD-2022-4673
Malicious code in bioql PyPI...
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code...
CVE-2019-1003007
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2023-46651
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1...
PT-2023-6484 · Jenkins · Jenkins Warnings Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Plugin versions 10.5.0 and earlier Description: The issue is related to information disclosure, allowing remote attackers to gain unauthorized access to protected information. Specifically, it does not set the appropriate...
SUSE CVE-2018-1000012
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
GHSA-P498-RPCW-3578 XXE vulnerability Jenkins Warnings Plugin
Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
Sandbox Bypass via CSRF in Jenkins Warnings Plugin
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...
PT-2022-15849 · Jenkins · Jenkins Warnings Next Generation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings Next Generation Plugin versions 9.10.2 and earlier Description: The issue allows attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system due to...
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code...
Cross site request forgery (csrf)
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code...
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code...
PT-2019-11727 · Jenkins · Jenkins Warnings Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Warnings NG Plugin versions 5.0.0 and earlier Description: A cross-site request forgery issue allows attackers to reset warning counts for future builds. Recommendations: For Jenkins Warnings NG Plugin versions 5.0.0 and earlier, upda...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint...