CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

PT-2026-33112

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

EUVD-2022-6343

Malicious code in bioql PyPI...

Jenkins Elasticsearch Query Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

GHSA-H5H5-M2MC-J2PV Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file org.jenkinsci.plugins.elasticsearchquery.ElasticsearchQueryBuilder.xml on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

CVE-2022-34807 affects Jenkins Elasticsearch Query Plugin 1.2 and earlier. The flaw exposes a password stored unencrypted in the plugin’s global configuration file on the Jenkins controller, enabling access to the password by anyone with Jenkins controller filesystem access. Practically, this is ...

Jenkins Plugin Elasticsearch Query 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

PT-2022-22359 · Jenkins · Jenkins Elasticsearch Query Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Elasticsearch Query Plugin versions 1.2 and earlier Description: The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the password is stored ...