23 matches found
EUVD-2023-2581
Malicious code in bioql PyPI...
EUVD-2023-2477
Malicious code in bioql PyPI...
EUVD-2023-1900
Malicious code in bioql PyPI...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
Design/Logic Flaw
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41942
A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
CVE-2023-41942
The CVE-2023-41942 entry concerns a CSRF vulnerability in the Jenkins AWS CodeCommit Trigger Plugin. Affected software: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier. Root cause: cross-site request forgery that enables an attacker to clear the SQS queue. Impact: described as a...
CVE-2023-41942
A cross-site request forgery CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue...
CVE-2023-41943
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue...
Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. Jenkins Plugin AWS...
PT-2023-28180 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to clear the SQS queue. Recommendations: For Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12...
PT-2023-28181 · Jenkins · Jenkins Aws Codecommit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AWS CodeCommit Trigger Plugin versions 3.0.12 and earlier Description: The issue arises from a lack of permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. This can be exploited...
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system...