16 matches found
EUVD-2022-1309
Malicious code in bioql PyPI...
EUVD-2022-1572
Malicious code in bioql PyPI...
EUVD-2022-6385
Malicious code in bioql PyPI...
CVE-2022-34802
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-28138
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential...
CVE-2022-28139
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
Jenkins RocketChat Notifier Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
CVE-2022-34802
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
Jenkins Plugin RocketChat Notifier Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
Missing permission check in Jenkins RocketChat Notifier Plugin
Jenkins RocketChat Notifier Plugin 1.4.10 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Additionally, this form validation...
CVE-2022-28138
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential...
CVE-2022-28139
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2022-28138
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential...
CVE-2022-28138
A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential...
PT-2022-18837 · Jenkins · Jenkins Rocketchat Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A missing permission check in the Jenkins RocketChat Notifier Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...
PT-2022-18836 · Jenkins · Jenkins Rocketchat Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins RocketChat Notifier Plugin versions 1.4.10 and earlier Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials. This issue arises becau...