CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2022-2568

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00475EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-3446

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00031EPSS

Exploits0References2

Github Security Blog•added 2022/05/13 1:48 a.m.•14 views

Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions...

4.3CVSS6.5AI score0.00031EPSS

Exploits0References3Affected Software1

OSV•added 2022/05/13 1:48 a.m.•10 views

GHSA-9RX5-W522-5FH7 Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes

4.3CVSS4.2AI score0.00031EPSS

Exploits0References2

Github Security Blog•added 2022/04/13 12:0 a.m.•24 views

Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin

Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00217EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/04/13 12:0 a.m.•25 views

Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL

Jenkins promoted builds Plugin provides dedicated support for defining promotions using Job DSL Plugin. promoted builds Plugin 873.v6149dbd64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with...

5.4CVSS4.4AI score0.00113EPSS

Exploits0References4Affected Software1

Prion•added 2022/04/12 8:15 p.m.•19 views

Cross site scripting

3.5CVSS5.2AI score0.00217EPSS

Exploits0References1Affected Software1

CNNVD•added 2022/04/12 12:0 a.m.•1 views

Jenkins 跨站脚本漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins promoted builds Plugin, which stems from the application not...

5.4CVSS5.3AI score0.00217EPSS

Exploits0References4

Positive Technologies•added 2022/04/12 12:0 a.m.•1 views

PT-2022-19389 · Jenkins · Jenkins Promoted Builds Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins promoted builds Plugin versions 873.v6149db d64130 and earlier, except version 3.10.1 Description: The issue allows attackers with Job/Configure permission to create a promotion with an unsafe name, as the names of promotions defined ...

5.4CVSS4.9AI score0.00113EPSS

Exploits0References8

CNNVD•added 2022/04/12 12:0 a.m.•1 views

Jenkins promoted builds Plugin 跨站脚本漏洞

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.The Jenkins promoted builds Plugin is vulnerable to an input validation error that could be exploited by an attacker to...

5.4CVSS5.6AI score0.00113EPSS

Exploits0References4

CNVD•added 2021/04/08 12:0 a.m.•9 views

CloudBees Jenkins Promoted Builds plugin cross-site request forgery vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...

4.3CVSS6.5AI score0.00475EPSS

Exploits0References1

OSV•added 2021/04/07 2:15 p.m.•16 views

CVE-2021-21641

A cross-site request forgery CSRF vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds...

4.3CVSS6.6AI score

Exploits0References2

Cvelist•added 2021/04/07 1:50 p.m.•19 views

CVE-2021-21641

A cross-site request forgery CSRF vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds...

5.1AI score0.00475EPSS

Exploits0References2

AlpineLinux•added 2021/04/07 1:50 p.m.•33 views

CVE-2021-21641

A cross-site request forgery CSRF vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds...

4.3CVSS5.6AI score0.00475EPSS

Exploits0References2

Positive Technologies•added 2021/04/07 12:0 a.m.•2 views

PT-2021-14684 · Jenkins · Jenkins Promoted Builds Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins promoted builds Plugin versions 3.9 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to promote builds. This issue arises because the plugin does not require POST requests for HTTP endpoints...

4.3CVSS4.5AI score0.00475EPSS

Exploits0References10

CNNVD•added 2021/04/07 12:0 a.m.•4 views

Jenkins 跨站请求伪造漏洞

4.3CVSS5.8AI score0.00475EPSS

Exploits0References5