Lucene search
22 matches found

GitLab Advisory Database
added 2026/01/22 12:00 a.m. · 6 views

Duplicate

This advisory duplicates another...

AI score: 5.9
Exploits: 0 · References: 3 · Affected Software: 1
Veracode
added 2025/10/31 7:24 a.m. · 2 views

Improper Access Control

Dragonfly is vulnerable to Improper Access Control. The vulnerability is due to the /api/v1/jobs and /preheats endpoints in the Manager web UI being accessible without authentication, which allows an unauthenticated attacker with network access to create numerous malicious jobs and cause a...

CVSS: 9.1 · AI score: 7 · EPSS: 0.00064
Exploits: 0 · References: 4 · Affected Software: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2024-50621

Malicious code in bioql PyPI...

CVSS: 4.3 · AI score: 8.7 · EPSS: 0.00922
Exploits: 0 · References: 2
RedhatCVE
added 2025/09/29 5:39 p.m. · 3 views

CVE-2025-10725

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the...

CVSS: 9.9 · AI score: 6.2 · EPSS: 0.00178
Exploits: 0 · References: 3
Positive Technologies
added 2025/09/17 12:00 a.m. · 2 views

PT-2025-38253

Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0. Description: The /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. An unauthenticated adversary with network access to a Manager web UI can create, delete, and...

CVSS: 9.9 · AI score: 6.6 · EPSS: 0.06448
Exploits: 11 · References: 46
GitLab Advisory Database
added 2025/09/17 12:00 a.m. · 5 views

Dragonfly doesn't have authentication enabled for some Manager’s endpoints

The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI uses /api/v1/jobs endpoi...

CVSS: 9.1 · AI score: 7 · EPSS: 0.00064
Exploits: 0 · References: 6 · Affected Software: 1
RedhatCVE
added 2025/05/23 6:56 a.m. · 4 views

CVE-2024-12132

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00922
Exploits: 0 · References: 1
CVE
added 2025/01/03 8:22 a.m. · 44 views

CVE-2024-12132

CVE-2024-12132 - WP Job Portal (WordPress) vulnerability : The WP Job Portal – A Complete Recruitment System plugin for WordPress is vulnerable to insecure direct object references in all versions up to 2.2.4 due to missing validation on a user-controlled key. This enables authenticated attackers...

CVSS: 4.3 · AI score: 4.3 · EPSS: 0.00922
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/06/14 1:15 p.m. · 1 view

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...

CVSS: 5.4 · AI score: 5.7 · EPSS: 0.15358
Exploits: 0 · References: 2
Positive Technologies
added 2023/06/14 12:00 a.m. · 3 views

PT-2023-25165 · Jenkins · Jenkins Template Workflows Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Template Workflows Plugin versions 41.v32d86a313b4a and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape names of jobs used as building blocks...

CVSS: 8 · AI score: 5.7 · EPSS: 0.15358
Exploits: 0 · References: 5
Vulnrichment
added 2023/06/08 12:00 a.m. · 7 views

CVE-2023-32750

Pydio Cells through 4.1.2 allows SSRF. For longer-running processes, Pydio Cells allows the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send an HTTP GET request to a specified URL and save the response to a new file. The...

AI score: 6.4 · EPSS: 0.0376
Exploits: 4 · References: 2
SUSE CVE
added 2023/02/15 5:30 a.m. · 1 view

SUSE CVE-2014-2059

Directory traversal vulnerability in the CLI job creation hudson/cli/CreateJobCommand.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.01968
Exploits: 0 · References: 3
OSV
added 2022/05/17 1:26 a.m. · 1 view

GHSA-V759-3FH9-84MX Jenkins directory traversal vulnerability

Directory traversal vulnerability in the CLI job creation hudson/cli/CreateJobCommand.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS: 6.5 · AI score: 6 · EPSS: 0.01968
Exploits: 0 · References: 6
Veracode
added 2019/05/02 4:55 a.m. · 21 views

Directory Traversal

jenkins is vulnerable to directory traversal. The vulnerability exists in the CLI job creation in hudson/cli/CreateJobCommand.java...

CVSS: 6.5 · AI score: 6.1 · EPSS: 0.01968
Exploits: 7 · References: 28 · Affected Software: 3
0day.today
added 2019/02/12 12:00 a.m. · 408 views

Jenkins 2.150.2 - Remote Command Execution Exploit

Exploit for the Linux platform in category "web applications". This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins...

AI score: 7.4
Exploits: 0
Metasploit
added 2017/03/03 2:56 p.m. · 9 views

DC/OS Marathon UI Docker Exploit

Utilizing the DCOS Cluster's Marathon UI, an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes commands as uid 0, this is honored by the host operating system, allowing...

AI score: 10
Exploits: 0
Prion
added 2015/05/25 2:59 p.m. · 18 views

Design/Logic Flaw

The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.00135
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2014/10/16 7:55 p.m. · 17 views

Design/Logic Flaw

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors...

CVSS: 6 · AI score: 6.6 · EPSS: 0.00065
Exploits: 0 · References: 2 · Affected Software: 2
NVD
added 2014/03/01 12:01 a.m. · 19 views

CVE-2014-2059

Directory traversal vulnerability in the CLI job creation hudson/cli/CreateJobCommand.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS: 6.5 · AI score: 6.2 · EPSS: 0.01968
Exploits: 0 · References: 4
Prion
added 2014/03/01 12:01 a.m. · 24 views

Directory traversal

Directory traversal vulnerability in the CLI job creation hudson/cli/CreateJobCommand.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.01968
Exploits: 0 · References: 4 · Affected Software: 1