EUVD-2022-4166

Malicious code in bioql PyPI...

EUVD-2022-5499

Malicious code in bioql PyPI...

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

Jenkins Project Inheritance Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

Jenkins Project Inheritance Plugin vulnerable to cross site scripting

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVE-2022-34787

CVE-2022-34787 concerns Jenkins Project Inheritance Plugin, versions 21.04.03 and earlier. The vulnerability arises because the plugin does not escape the text explaining why a build is blocked in tooltips, enabling stored or reflected XSS if an attacker can control the blocked queue reason. Expl...

Jenkins Plugin Project Inheritance 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

Missing permission check in Jenkins Project Inheritance Plugin

Jenkins limits access to job configuration XML data config.xml to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…​/getConfigAsXML for its Inheritance Project job typ...

GHSA-HJ32-9MCW-5CWH Missing permission check in Jenkins Project Inheritance Plugin

Jenkins limits access to job configuration XML data config.xml to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…​/getConfigAsXML for its Inheritance Project job typ...

Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery

Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...

GHSA-XC7Q-P3F4-Q389 Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery

Project Inheritance Plugin allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did n...

CloudBees Jenkins Project Inheritance Plugin Authorization Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...

Unspecified Vulnerability in CloudBees Jenkins Project Inheritance Plugin (CNVD-2020-33746)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...

CVE-2020-2197

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...

Code injection

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

Format string

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...