50 matches found
EUVD-2023-1308
Malicious code in bioql PyPI...
EUVD-2022-6375
Malicious code in bioql PyPI...
EUVD-2022-3919
Malicious code in bioql PyPI...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2022-36910
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them...
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reindex the database...
GHSA-GH5W-GFFH-68PR Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to reindex the database...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
Code injection
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
CVE-2023-30529 affects the Jenkins Lucene-Search Plugin (versions 387.v938a_ecb_f7fe9 and earlier). The underlying issue is that the plugin’s HTTP endpoint does not require POST requests, enabling cross-site request forgery that can be used to reindex the database. The accompanying sources consis...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
CVE-2023-30529
Jenkins Lucene-Search Plugin 387.v938aecbf7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database...
Jenkins Plugin Lucene-Search Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-22757 · Jenkins · Jenkins Lucene-Search Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Lucene-Search Plugin versions 387.v938a_ecb_f7fe9 and earlier
Description: The issue allows attackers to reindex the database due to the lack of requirement for POST requests for an HTTP endpoint, resulting in a cross-site request...
Logicaldoc LogicalDOC Cross-Site Scripting Vulnerability
LogicalDOC is a document management system developed by the U.S. company LogicalDOC using Java technology. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC Enterprise. An attacker could exploit this...
The vulnerability of the Jenkins Lucene-Search Plugin, related to the lack of security measures for website structure protection, allows attackers to execute XSS attacks.
The vulnerability of the Jenkins Lucene-Search Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Jenkins Lucene-Search Plugin, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins Lucene-Search Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the search result page. This results in a reflected cross-site scripting (XSS) vulnerability...